Infecté par BAGLE

kalliste2b Messages postés 128 Statut Membre -  
 booddha -
Salut,

Mon antivirus NORTON n'est plus actif
le mode sans echec ne fonctionne plus
certains programmes anti spywares et autres tel que AVG anti virus, spybot etc ... ne s'ouvrent plus
Mon PC s'eteint et redemarre
Je n'arrive plus à lire les PPS

Toutes ces anomalies me semblent symptomatiques à la
présence désatreuse de BAGLE

Je mets sur ce forum différents rapports
rapport ELIBAGLA https://www.sendspace.com/file/smtggb
rapport Hijackthis http://www.sendspace.com/delete/95aqpx/56vtn
rapport combifix https://www.sendspace.com/file/doqa8n
rapport navilog https://www.sendspace.com/file/j63kod
rapport clean part 1 https://www.sendspace.com/file/yj9me6
rapport clean part 2 https://www.sendspace.com/file/ym3dum

Je suis tres perturbé devant tous ces problemes
J'espere qu'une solution me sera proposée
dans cette attente merci infiniment
Configuration: Windows XP
Internet Explorer 7.0

5 réponses

  1. booddha
     
    Bonsoir

    Je pense que tu ne penses pas que l'on va aller cliquer sur tes liens.

    Il est plus simple de copier/coller tes rapports ici.
    0
  2. kalliste2b Messages postés 128 Statut Membre
     
    Ok tu as raison
    rapport ELIBAGLA

    Sat Mar 29 23:13:52 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
    Por favor, envienos una muestra del fichero
    C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
    a "virus@satinfo.es". Gracias.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.

    Sun Mar 30 00:06:37 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):
    C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
    Por favor, envienos una muestra del fichero
    C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.20
    a "virus@satinfo.es". Gracias.
    C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Eliminado Bagle
    Restaurada Clave: "SafeBoot\Minimal y Network"

    Sun Mar 30 00:06:44 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\
    C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP302\A0067053.EXE --> Eliminado Bagle
    C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP302\A0067054.EXE --> Eliminado Bagle
    C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP304\A0068430.SYS --> Eliminado Bagle (rootkit)
    C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP304\A0068453.SYS --> Eliminado Bagle (rootkit)

    Nº Total de Directorios: 11753
    Nº Total de Ficheros: 125448
    Nº de Ficheros Analizados: 14487
    Nº de Ficheros Infectados: 4
    Nº de Ficheros Limpiados: 4

    Sun Mar 30 00:15:24 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Sun Mar 30 00:15:37 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad L:\

    Sun Mar 30 00:16:27 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Acción Directa):

    Sun Mar 30 00:16:36 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad M:\

    Nº Total de Directorios: 687
    Nº Total de Ficheros: 7447
    Nº de Ficheros Analizados: 1073
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    Sun Mar 30 00:17:06 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad N:\

    Nº Total de Directorios: 7
    Nº Total de Ficheros: 44
    Nº de Ficheros Analizados: 0
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0

    Sun Mar 30 00:17:16 2008
    EliBagle v11.20 (c)2008 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad L:\

    RAPPORT Hijackthis
    Logfile of HijackThis v1.99.1
    Scan saved at 20:38:01, on 29/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Program Files\IncrediMail\bin\ImApp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberad.com/_index.asp?lg=fr&dem=1&id=9052
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magnifying Glass] "C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\yves\Application Data\Dealio\kb126\res\DealioSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    rapport combofix
    ComboFix 08-03-29.1 - yves 2008-03-29 21:38:51.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.342 [GMT 1:00]
    Endroit: C:\Documents and Settings\yves\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\yves\Menu Démarrer\Programmes\Uninstall.lnk
    C:\WINDOWS\system32\drivers\down
    C:\WINDOWS\system32\drivers\down\100140.exe
    C:\WINDOWS\system32\drivers\down\100953.exe
    C:\WINDOWS\system32\drivers\down\101078.exe
    C:\WINDOWS\system32\drivers\down\101187.exe
    C:\WINDOWS\system32\drivers\down\102375.exe
    C:\WINDOWS\system32\drivers\down\102828.exe
    C:\WINDOWS\system32\drivers\down\103093.exe
    C:\WINDOWS\system32\drivers\down\103234.exe
    C:\WINDOWS\system32\drivers\down\105093.exe
    C:\WINDOWS\system32\drivers\down\105484.exe
    C:\WINDOWS\system32\drivers\down\107406.exe
    C:\WINDOWS\system32\drivers\down\108046.exe
    C:\WINDOWS\system32\drivers\down\110218.exe
    C:\WINDOWS\system32\drivers\down\110796.exe
    C:\WINDOWS\system32\drivers\down\113859.exe
    C:\WINDOWS\system32\drivers\down\113890.exe
    C:\WINDOWS\system32\drivers\down\115359.exe
    C:\WINDOWS\system32\drivers\down\116531.exe
    C:\WINDOWS\system32\drivers\down\117140.exe
    C:\WINDOWS\system32\drivers\down\119390.exe
    C:\WINDOWS\system32\drivers\down\119906.exe
    C:\WINDOWS\system32\drivers\down\122234.exe
    C:\WINDOWS\system32\drivers\down\125640.exe
    C:\WINDOWS\system32\drivers\down\127859.exe
    C:\WINDOWS\system32\drivers\down\128578.exe
    C:\WINDOWS\system32\drivers\down\129171.exe
    C:\WINDOWS\system32\drivers\down\131031.exe
    C:\WINDOWS\system32\drivers\down\131156.exe
    C:\WINDOWS\system32\drivers\down\132828.exe
    C:\WINDOWS\system32\drivers\down\134093.exe
    C:\WINDOWS\system32\drivers\down\134625.exe
    C:\WINDOWS\system32\drivers\down\135718.exe
    C:\WINDOWS\system32\drivers\down\136687.exe
    C:\WINDOWS\system32\drivers\down\136968.exe
    C:\WINDOWS\system32\drivers\down\137953.exe
    C:\WINDOWS\system32\drivers\down\139078.exe
    C:\WINDOWS\system32\drivers\down\141796.exe
    C:\WINDOWS\system32\drivers\down\142593.exe
    C:\WINDOWS\system32\drivers\down\142937.exe
    C:\WINDOWS\system32\drivers\down\143468.exe
    C:\WINDOWS\system32\drivers\down\145156.exe
    C:\WINDOWS\system32\drivers\down\146437.exe
    C:\WINDOWS\system32\drivers\down\147093.exe
    C:\WINDOWS\system32\drivers\down\147765.exe
    C:\WINDOWS\system32\drivers\down\149046.exe
    C:\WINDOWS\system32\drivers\down\150937.exe
    C:\WINDOWS\system32\drivers\down\151125.exe
    C:\WINDOWS\system32\drivers\down\153046.exe
    C:\WINDOWS\system32\drivers\down\153328.exe
    C:\WINDOWS\system32\drivers\down\154281.exe
    C:\WINDOWS\system32\drivers\down\157546.exe
    C:\WINDOWS\system32\drivers\down\157859.exe
    C:\WINDOWS\system32\drivers\down\158875.exe
    C:\WINDOWS\system32\drivers\down\160296.exe
    C:\WINDOWS\system32\drivers\down\160484.exe
    C:\WINDOWS\system32\drivers\down\163265.exe
    C:\WINDOWS\system32\drivers\down\163500.exe
    C:\WINDOWS\system32\drivers\down\163656.exe
    C:\WINDOWS\system32\drivers\down\164562.exe
    C:\WINDOWS\system32\drivers\down\166078.exe
    C:\WINDOWS\system32\drivers\down\169015.exe
    C:\WINDOWS\system32\drivers\down\169828.exe
    C:\WINDOWS\system32\drivers\down\170109.exe
    C:\WINDOWS\system32\drivers\down\171828.exe
    C:\WINDOWS\system32\drivers\down\172703.exe
    C:\WINDOWS\system32\drivers\down\173468.exe
    C:\WINDOWS\system32\drivers\down\173593.exe
    C:\WINDOWS\system32\drivers\down\174750.exe
    C:\WINDOWS\system32\drivers\down\176312.exe
    C:\WINDOWS\system32\drivers\down\178046.exe
    C:\WINDOWS\system32\drivers\down\179156.exe
    C:\WINDOWS\system32\drivers\down\179250.exe
    C:\WINDOWS\system32\drivers\down\179640.exe
    C:\WINDOWS\system32\drivers\down\179984.exe
    C:\WINDOWS\system32\drivers\down\180984.exe
    C:\WINDOWS\system32\drivers\down\181828.exe
    C:\WINDOWS\system32\drivers\down\182125.exe
    C:\WINDOWS\system32\drivers\down\184453.exe
    C:\WINDOWS\system32\drivers\down\184906.exe
    C:\WINDOWS\system32\drivers\down\185250.exe
    C:\WINDOWS\system32\drivers\down\186031.exe
    C:\WINDOWS\system32\drivers\down\187656.exe
    C:\WINDOWS\system32\drivers\down\188046.exe
    C:\WINDOWS\system32\drivers\down\189406.exe
    C:\WINDOWS\system32\drivers\down\191062.exe
    C:\WINDOWS\system32\drivers\down\193187.exe
    C:\WINDOWS\system32\drivers\down\195421.exe
    C:\WINDOWS\system32\drivers\down\195625.exe
    C:\WINDOWS\system32\drivers\down\196734.exe
    C:\WINDOWS\system32\drivers\down\196796.exe
    C:\WINDOWS\system32\drivers\down\198609.exe
    C:\WINDOWS\system32\drivers\down\200296.exe
    C:\WINDOWS\system32\drivers\down\200421.exe
    C:\WINDOWS\system32\drivers\down\201046.exe
    C:\WINDOWS\system32\drivers\down\202234.exe
    C:\WINDOWS\system32\drivers\down\204578.exe
    C:\WINDOWS\system32\drivers\down\206171.exe
    C:\WINDOWS\system32\drivers\down\206546.exe
    C:\WINDOWS\system32\drivers\down\208265.exe
    C:\WINDOWS\system32\drivers\down\208406.exe
    C:\WINDOWS\system32\drivers\down\209406.exe
    C:\WINDOWS\system32\drivers\down\210718.exe
    C:\WINDOWS\system32\drivers\down\211250.exe
    C:\WINDOWS\system32\drivers\down\211953.exe
    C:\WINDOWS\system32\drivers\down\213453.exe
    C:\WINDOWS\system32\drivers\down\214203.exe
    C:\WINDOWS\system32\drivers\down\214562.exe
    C:\WINDOWS\system32\drivers\down\215281.exe
    C:\WINDOWS\system32\drivers\down\217859.exe
    C:\WINDOWS\system32\drivers\down\218312.exe
    C:\WINDOWS\system32\drivers\down\223031.exe
    C:\WINDOWS\system32\drivers\down\224390.exe
    C:\WINDOWS\system32\drivers\down\226343.exe
    C:\WINDOWS\system32\drivers\down\230421.exe
    C:\WINDOWS\system32\drivers\down\231968.exe
    C:\WINDOWS\system32\drivers\down\232265.exe
    C:\WINDOWS\system32\drivers\down\233312.exe
    C:\WINDOWS\system32\drivers\down\235640.exe
    C:\WINDOWS\system32\drivers\down\237421.exe
    C:\WINDOWS\system32\drivers\down\241781.exe
    C:\WINDOWS\system32\drivers\down\244734.exe
    C:\WINDOWS\system32\drivers\down\245250.exe
    C:\WINDOWS\system32\drivers\down\251171.exe
    C:\WINDOWS\system32\drivers\down\251328.exe
    C:\WINDOWS\system32\drivers\down\257281.exe
    C:\WINDOWS\system32\drivers\down\258984.exe
    C:\WINDOWS\system32\drivers\down\265984.exe
    C:\WINDOWS\system32\drivers\down\267250.exe
    C:\WINDOWS\system32\drivers\down\273093.exe
    C:\WINDOWS\system32\drivers\down\277296.exe
    C:\WINDOWS\system32\drivers\down\66171.exe
    C:\WINDOWS\system32\drivers\down\67734.exe
    C:\WINDOWS\system32\drivers\down\68515.exe
    C:\WINDOWS\system32\drivers\down\68875.exe
    C:\WINDOWS\system32\drivers\down\69921.exe
    C:\WINDOWS\system32\drivers\down\71890.exe
    C:\WINDOWS\system32\drivers\down\72640.exe
    C:\WINDOWS\system32\drivers\down\73109.exe
    C:\WINDOWS\system32\drivers\down\75000.exe
    C:\WINDOWS\system32\drivers\down\79937.exe
    C:\WINDOWS\system32\drivers\down\83156.exe
    C:\WINDOWS\system32\drivers\down\87421.exe
    C:\WINDOWS\system32\drivers\down\88218.exe
    C:\WINDOWS\system32\drivers\down\91968.exe
    C:\WINDOWS\system32\drivers\down\92875.exe
    C:\WINDOWS\system32\drivers\down\95593.exe
    C:\WINDOWS\system32\drivers\down\97781.exe
    C:\WINDOWS\system32\drivers\down\97843.exe
    C:\WINDOWS\system32\drivers\down\98515.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SROSA

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-29 19:50 . 2008-03-29 19:50 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-29 18:46 . 2008-03-29 18:46 <REP> d-------- C:\Muestras
    2008-03-29 17:49 . 2008-03-29 17:49 <REP> d-------- C:\Program Files\CCleaner
    2008-03-29 12:40 . 2008-03-29 13:46 <REP> d-------- C:\Program Files\CDex_170b2
    2008-03-29 12:30 . 2008-03-29 12:30 <REP> d-------- C:\Documents and Settings\yves\Application Data\AccurateRip
    2008-03-29 12:30 . 2008-03-29 12:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
    2008-03-29 12:30 . 2008-03-29 12:30 12,915 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2008-03-28 20:39 . 2008-03-28 20:39 <REP> d--h----- C:\WINDOWS\PIF
    2008-03-28 14:01 . 2008-03-28 14:02 <REP> d-------- C:\Documents and Settings\yves\Application Data\Sites
    2008-03-28 14:01 . 2008-03-28 14:02 <REP> d-------- C:\Documents and Settings\yves\Application Data\Dynamique
    2008-03-28 14:01 . 2008-03-28 14:02 <REP> d-------- C:\Documents and Settings\yves\Application Data\Classes de site
    2008-03-28 14:00 . 2008-03-28 18:48 <REP> d-------- C:\Program Files\vmntoolbar
    2008-03-28 14:00 . 2008-03-28 14:05 <REP> d-------- C:\Program Files\Visicom Media
    2008-03-28 13:28 . 2008-03-28 13:31 <REP> d-------- C:\Program Files\Crystal FTP Free
    2008-03-28 13:28 . 2008-03-28 13:28 <REP> d-------- C:\Documents and Settings\yves\Application Data\Crystal FTP
    2008-03-26 13:16 . 2008-03-26 15:40 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-03-26 13:16 . 2008-03-26 13:16 3,120 --a------ C:\WINDOWS\MF_C421.lfa
    2008-03-26 13:16 . 2008-03-26 13:16 3,120 --a------ C:\WINDOWS\MF_C420.lfa
    2008-03-26 13:15 . 2008-03-26 20:28 <REP> d-------- C:\Program Files\Blaze Media Pro
    2008-03-25 21:41 . 2008-03-25 21:44 <REP> d-------- C:\Program Files\Monkey's Audio
    2008-03-25 20:23 . 2008-03-29 12:29 4,230,520 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2008-03-25 20:23 . 2008-03-25 21:37 27,958 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp
    2008-03-25 20:23 . 2008-03-25 21:38 2,275 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat
    2008-03-24 11:02 . 2008-03-24 11:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NtiDvdCopy
    2008-03-22 18:28 . 2008-03-22 18:28 <REP> d-------- C:\Program Files\Fichiers communs\DVDVIDEOSOFT
    2008-03-22 18:28 . 2008-03-22 18:28 <REP> d-------- C:\Program Files\DVDVIDEOSOFT
    2008-03-22 18:24 . 2008-03-22 18:24 <REP> d-------- C:\Documents and Settings\yves\Application Data\Search Settings
    2008-03-22 17:54 . 2008-03-22 17:54 <REP> d-------- C:\Program Files\Search Settings
    2008-03-22 17:53 . 2008-03-22 18:24 <REP> d-------- C:\Program Files\Free FLV Converter
    2008-03-22 17:53 . 2008-03-22 17:54 <REP> d-------- C:\Program Files\Dealio
    2008-03-22 17:53 . 2007-06-18 23:22 364,544 --a------ C:\WINDOWS\system32\PropertyGrid.ocx
    2008-03-22 17:53 . 2005-10-13 13:42 208,500 --a------ C:\WINDOWS\system32\ReyXpBasics.tlb
    2008-03-22 17:53 . 2004-03-09 00:00 84,512 --a------ C:\WINDOWS\system32\PICCLP32.OCX
    2008-03-22 17:53 . 2005-09-28 01:31 24,576 --a------ C:\WINDOWS\system32\ControlSubX.ocx
    2008-03-22 17:53 . 1998-07-13 00:00 9,728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL
    2008-03-21 20:54 . 2008-03-21 20:54 <REP> d-------- C:\Program Files\LimeWire
    2008-03-21 20:54 . 2008-03-21 21:56 <REP> d-------- C:\Documents and Settings\yves\Application Data\LimeWire
    2008-03-21 13:30 . 2008-03-21 13:30 <REP> d-------- C:\Program Files\Alcohol Soft
    2008-03-20 12:07 . 2008-03-20 12:07 <REP> d--hs---- C:\WINDOWS\ftpcache
    2008-03-20 12:06 . 2008-03-20 12:06 <REP> d-------- C:\Program Files\Vente Flash
    2008-03-18 11:41 . 2008-03-18 11:41 <REP> d-------- C:\Program Files\ExplorerXP
    2008-03-18 10:15 . 2008-03-18 10:43 <REP> d-------- C:\Program Files\Windows scrabble
    2008-03-13 08:38 . 2008-03-13 08:38 <REP> d-------- C:\Program Files\Stardock
    2008-03-13 08:38 . 2008-03-13 08:38 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}
    2008-03-12 17:28 . 2008-03-12 17:30 <REP> d-------- C:\Program Files\Virtual Magnifying Glass
    2008-03-12 14:34 . 2008-03-12 14:53 <REP> d-------- C:\Documents and Settings\yves\Application Data\gtk-2.0
    2008-03-12 14:34 . 2008-03-12 14:34 <REP> d-------- C:\Documents and Settings\yves\.thumbnails
    2008-03-12 14:31 . 2008-03-12 14:55 <REP> d-------- C:\Documents and Settings\yves\.gimp-2.4
    2008-03-12 14:30 . 2008-03-12 14:30 <REP> d-------- C:\Program Files\GIMP-2.0
    2008-03-11 18:57 . 2008-03-11 18:57 <REP> d-------- C:\Program Files\Conjugaison
    2008-03-10 22:54 . 2008-03-14 17:09 <REP> d-------- C:\Program Files\OCCT
    2008-03-09 21:49 . 2008-03-09 21:49 <REP> d-------- C:\Documents and Settings\yves\Application Data\Ulead Systems
    2008-03-09 21:43 . 2008-03-09 21:43 <REP> d-------- C:\Program Files\Fichiers communs\Ulead Systems
    2008-03-09 21:43 . 2008-03-09 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-03-06 11:19 . 2008-03-06 11:19 <REP> d-------- C:\Program Files\SFRWidget
    2008-03-01 09:51 . 2008-03-01 09:51 <REP> d-------- C:\Program Files\IObit

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-29 19:37 --------- d-----w C:\Program Files\Hijackthis Version Française
    2008-03-29 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-29 15:38 --------- d-----w C:\Program Files\Unlocker
    2008-03-29 14:21 --------- d-----w C:\Program Files\eMule
    2008-03-29 13:38 --------- d-----w C:\Program Files\ZGuideTV
    2008-03-29 13:07 --------- d-----w C:\Documents and Settings\yves\Application Data\FileZilla
    2008-03-29 13:05 --------- d-----w C:\Program Files\FileZilla Client
    2008-03-29 11:32 --------- d-----w C:\Program Files\dBpowerAMP
    2008-03-28 17:46 --------- d-----w C:\Documents and Settings\yves\Application Data\Dealio
    2008-03-27 13:19 --------- d-----w C:\Program Files\MediaCoder
    2008-03-26 23:10 --------- d-----w C:\Documents and Settings\yves\Application Data\XnView
    2008-03-26 18:04 --------- d-----w C:\Documents and Settings\yves\Application Data\U3
    2008-03-26 08:35 --------- d-----w C:\Program Files\Radio Fr Solo
    2008-03-26 05:07 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-03-25 12:40 --------- d-----w C:\Documents and Settings\yves\Application Data\Image Zone Express
    2008-03-21 12:18 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-03-17 18:31 --------- d-----w C:\Documents and Settings\yves\Application Data\Simple Sudoku
    2008-03-12 08:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-09 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-09 20:43 --------- d-----w C:\Program Files\Ulead Systems
    2008-03-09 20:43 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2008-03-07 09:55 --------- d-----w C:\Program Files\IncrediMail
    2008-03-06 21:00 --------- d-----w C:\Program Files\Micro Application
    2008-03-06 13:03 --------- d-----w C:\Program Files\7-Zip
    2008-02-28 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
    2008-02-28 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
    2008-02-24 12:28 --------- d-----w C:\Program Files\Simple Sudoku
    2008-02-24 12:28 --------- d-----w C:\Program Files\Nvu
    2008-02-24 12:28 --------- d-----w C:\Program Files\ExtracteurIcones
    2008-02-24 12:28 --------- d-----w C:\Program Files\EnveloppesEditor1.09
    2008-02-24 12:28 --------- d-----w C:\Program Files\CartaGoGo
    2008-02-24 12:26 --------- d-----w C:\Documents and Settings\yves\Application Data\GlarySoft
    2008-02-24 12:17 --------- d-----w C:\Program Files\Glary Utilities
    2008-02-22 18:54 --------- d-----w C:\Program Files\Fichiers communs\Vbox
    2008-02-22 18:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-02-21 20:06 --------- d-----w C:\Program Files\Logiciels Sebastien GRENIER
    2008-02-21 08:31 --------- d-----w C:\Documents and Settings\yves\Application Data\AchrafCherti
    2008-02-21 08:28 --------- d-----w C:\Program Files\UltraSplitter
    2008-02-20 11:15 --------- d-----w C:\Program Files\XnView
    2008-02-20 11:08 --------- d-----w C:\Program Files\KC Softwares
    2008-02-16 19:22 --------- d-----w C:\Documents and Settings\yves\Application Data\Ashampoo
    2008-02-16 19:10 --------- d-----w C:\Program Files\Ashampoo
    2008-02-16 17:35 --------- d-----w C:\Program Files\scrabbleproB1.0.7
    2008-02-15 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\espionServerData
    2008-02-15 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-15 16:30 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-15 16:26 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-14 19:14 --------- d-----w C:\Documents and Settings\yves\Application Data\Leadertech
    2008-02-12 15:43 --------- d-----w C:\Program Files\Photodex Presenter
    2008-02-12 15:43 --------- d-----w C:\Program Files\Photodex
    2008-02-11 19:48 --------- d-----w C:\Program Files\Photo Story 3 for Windows
    2008-02-11 12:48 --------- d-----w C:\Program Files\Fichiers communs\Micro Application Shared
    2008-02-10 09:54 --------- d-----w C:\Program Files\NCH Software
    2008-02-10 08:28 --------- d-----w C:\Program Files\IVCsoft
    2008-02-09 23:00 --------- d-----w C:\Program Files\Konvertor
    2008-02-07 10:15 --------- d-----w C:\Documents and Settings\yves\Application Data\COWON
    2008-02-05 08:02 --------- d-----w C:\Program Files\FDSoftware
    2008-02-01 07:39 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-01 07:39 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-01 07:39 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-01 07:39 --------- d-----w C:\Program Files\Symantec
    2008-01-21 15:47 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
    2008-01-21 15:47 253,952 ------w C:\WINDOWS\Setup1.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 09:42 495616]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-03 10:22 160568]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-02-25 13:07 243072]
    "Magnifying Glass"="C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe" [2006-06-06 18:42 441344]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2004-06-18 06:05 659456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-03-29 20:07 52840]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-11 23:19 7626752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
    backup=C:\WINDOWS\pss\Acer Empowering Technology.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer WLAN 11g USB Dongle.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer WLAN 11g USB Dongle.lnk
    backup=C:\WINDOWS\pss\Acer WLAN 11g USB Dongle.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    --a------ 2006-04-18 18:54 49152 C:\WINDOWS\system32\SysMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
    --a------ 2007-09-25 22:26 69632 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-03 03:43 69632 C:\WINDOWS\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cloneur Expert Monitor]
    --a------ 2007-09-25 22:26 439211 C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    --a------ 2004-08-10 21:00 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    --a------ 2006-03-17 14:00 345088 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    --a------ 2005-09-29 13:01 67584 C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    --a------ 2006-06-01 13:40 413696 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
    --a------ 2004-08-10 21:00 44032 C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-10 21:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
    --a------ 2008-02-25 13:07 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --a------ 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-10 21:00 59392 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    --a------ 2005-05-11 16:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-07-11 23:19 7626752 C:\WINDOWS\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-07-11 23:19 86016 C:\WINDOWS\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2006-07-11 23:19 1519616 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-10 21:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-10 21:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    --a------ 2006-06-01 01:48 16208384 C:\WINDOWS\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    --a------ 2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    --a------ 2006-09-23 12:08 61440 C:\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Radio Fr Solo\\Radio_Fr_Solo.exe"=
    "C:\\Program Files\\Radio Fr Solo\\RFSUpdate.exe"=
    "C:\\Program Files\\Radio Fr Solo\\RFScheduler.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Adobe\\Photoshop Elements 6.0\\AdobePhotoshopElementsMediaServer.exe"=
    "C:\\Program Files\\Logiciels Sebastien GRENIER\\Sudoku\\sudoku.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
    "C:\\Program Files\\Crystal FTP Free\\crystalftp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58787:TCP"= 58787:TCP:Pando P2P TCP Listening Port
    "58787:UDP"= 58787:UDP:Pando P2P UDP Listening Port

    R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
    R2 KeyP;KeyP;C:\WINDOWS\system32\DRIVERS\KeyP.sys [1996-02-22 08:10]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-01-07 12:09]
    S3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]
    S3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 19:17]
    S3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 16:10]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f9e75f2f-de0b-11dc-bc9e-001921514e5a}]
    \Shell\AutoRun\command - N:\LaunchU3.exe -a

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-03-28 21:02:00 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - yves.job"

    rapport navilog
    Search Navipromo version 3.5.1 commencé le 2008-03-29 à 22:04:42.25

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "yves"

    Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 7.0.5730.11
    Système de fichiers : NTFS

    Executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

    *** Recherche dossiers dans "C:\Documents and Settings\yves\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\yves\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\yves\menudm~1\progra~1" ***

    *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun Fichier trouvé

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\WINDOWS\system32 *

    * Recherche dans "C:\Documents and Settings\yves\locals~1\applic~1" *

    * Recherche dans "C:\docume~1\Administrateur\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans C:\WINDOWS\system32 :

    * Dans "C:\Documents and Settings\yves\locals~1\applic~1" :

    * Dans "C:\docume~1\Administrateur\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le 2008-03-29 à 22:10:12.50 ***

    rapport clean part 1
    C:\WINDOWS\System32\nvapps.xml -->2008-03-29 20:35:06
    C:\WINDOWS\System32\wpa.dbl -->2008-03-29 16:32:58
    C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat -->2008-03-29 12:30:40
    C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp -->2008-03-29 12:30:20
    C:\WINDOWS\System32\SpoonUninstall.exe -->2008-03-29 12:29:14
    C:\WINDOWS\System32\FNTCACHE.DAT -->2008-03-29 09:36:31
    C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.dat -->2008-03-25 21:38:39
    C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Monkeys Audio Codec.bmp -->2008-03-25 21:37:24
    C:\WINDOWS\System32\BASSMOD.dll -->2008-03-07 00:07:45
    C:\WINDOWS\System32\MRT.exe -->2008-03-05 17:30:54
    C:\WINDOWS\System32\pxafs.dll -->2008-02-15 17:26:38
    C:\WINDOWS\System32\pxdrv.dll -->2008-02-15 17:26:37
    C:\WINDOWS\System32\pxcpyi64.exe -->2008-02-15 17:26:37
    C:\WINDOWS\System32\pxcpya64.exe -->2008-02-15 17:26:37
    C:\WINDOWS\System32\pxsfs.dll -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxmas.dll -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxinsi64.exe -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxinsa64.exe -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxhpinst.exe -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxwave.dll -->2008-02-15 17:26:35
    C:\WINDOWS\System32\px.dll -->2008-02-15 17:26:32
    C:\WINDOWS\System32\PerfStringBackup.INI -->2008-02-06 09:06:03
    C:\WINDOWS\System32\perfh00C.dat -->2008-02-06 09:06:03
    C:\WINDOWS\System32\perfh009.dat -->2008-02-06 09:06:03
    C:\WINDOWS\System32\perfc00C.dat -->2008-02-06 09:06:03

    C:\WINDOWS\0.log -->2008-03-29 21:42:49
    C:\WINDOWS\ModemLog_PCI SoftV92 Modem.txt -->2008-03-29 21:42:48
    C:\WINDOWS\WindowsUpdate.log -->2008-03-29 21:42:43
    C:\WINDOWS\wiadebug.log -->2008-03-29 21:42:41
    C:\WINDOWS\wiaservc.log -->2008-03-29 21:42:40
    C:\WINDOWS\system.ini -->2008-03-29 21:42:20
    C:\WINDOWS\bootstat.dat -->2008-03-29 21:42:09
    C:\WINDOWS\SchedLgU.Txt -->2008-03-29 21:41:23
    C:\WINDOWS\setupapi.log -->2008-03-29 20:09:59
    C:\WINDOWS\ntbtlog.txt -->2008-03-29 19:14:39
    C:\WINDOWS\PR1V2.INI -->2008-03-29 18:12:08
    C:\WINDOWS\MF_C421.lfa -->2008-03-26 13:16:33
    C:\WINDOWS\MF_C420.lfa -->2008-03-26 13:16:33
    C:\WINDOWS\Radio_Fr.ini -->2008-03-26 09:35:41
    C:\WINDOWS\ULEAD32.INI -->2008-03-08 09:45:09

    rapport clean part 2
    C:\WINDOWS\System32\SpoonUninstall.exe -->2008-03-29 12:29:14
    C:\WINDOWS\System32\MRT.exe -->2008-03-05 17:30:54
    C:\WINDOWS\System32\pxcpyi64.exe -->2008-02-15 17:26:37
    C:\WINDOWS\System32\pxcpya64.exe -->2008-02-15 17:26:37
    C:\WINDOWS\System32\pxinsi64.exe -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxinsa64.exe -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxhpinst.exe -->2008-02-15 17:26:36
    C:\WINDOWS\System32\BASSMOD.dll -->2008-03-07 00:07:45
    C:\WINDOWS\System32\pxafs.dll -->2008-02-15 17:26:38
    C:\WINDOWS\System32\pxdrv.dll -->2008-02-15 17:26:37
    C:\WINDOWS\System32\pxsfs.dll -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxmas.dll -->2008-02-15 17:26:36
    C:\WINDOWS\System32\pxwave.dll -->2008-02-15 17:26:35
    C:\WINDOWS\System32\px.dll -->2008-02-15 17:26:32

    Besoin d'aide
    merci a tous
    0
  3. booddha
     
    Supprime ton hijackthis qui est obsolète

    ==================== HIJACKTHIS ======================

    HijackThis

    • Télécharger HijackThis
    • Installer HijackThis en se laissant guider (Accepter le répertoire proposé sans rien changer)
    • Fermer HijackThis
    • Télécharger sur le bureau HJTNew (Si le Pare-Feu ou l'Anti-virus se manifeste, Ignorer)
    • Fermer toutes les applications
    • Se débrancher d'Internet (Enlever le cable, c'est encore la meilleure solution)
    • Lancer HJTNew.exe (Si le Pare-Feu ou l'Anti-virus se manifeste, Ignorer)
    Ne pas s'étonner pour HJTNew, rien ne s'affiche, juste une fenêtre qui s'ouvre et se ferme aussitôt. C'est normal.
    • Click sur Do a system scan and save a logfile
    • Copier/Coller le rapport dans le prochain message
    • Supprimer HJTNew.exe (sinon l'Anti-virus risque de se manifester souvent) puis
    • Attendre la suite
    _
    0
  4. kalliste2b Messages postés 128 Statut Membre
     
    Bonjour,

    j'ai suivi tes instructions
    voici le nouveau rapport hijackthis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:30, on 2008-03-30
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe
    C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.liberad.com/_index.asp?lg=fr&dem=1&id=9052
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Magnifying Glass] "C:\Program Files\Virtual Magnifying Glass\Magnifying Glass.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] E:\prhyper.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\yves\Application Data\Dealio\kb126\res\DealioSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. booddha
     
    ======================= BT Fix ==========================

    • Téléchargez BTFix (par bibi26)
    • Décompresser l'archive (clique droit sur l'archive -> extraire tout) sur le Bureau.
    Il doit y avoir maintenant un dossier du nom de BTFix.
    • Sur le Bureau, ouvrir le dossier BTFix.
    • Double-click sur le fichier BTFix.exe.
    • Click sur Rechercher
    • En fin de procédure il affiche le rapport.
    • Copier/Coller le rapport dans le prochain message

    -------- Désinfection

    • Ouvrir BTFix.
    • Cliquer sur Nettoyer.
    • Un rapport va apparaitre, le copier/coller dans la prochaine réponse.
    • Copier/coller un nouveau rapport HiJackThis
    0