Probleme virus msn

Résolu
pierre888 Messages postés 253 Statut Membre -  
pierre888 Messages postés 253 Statut Membre -
Bonjour,
bonjour a tous
voila j'ai un problème avec msn j'ai acepte sans reflechir un fichier contenant une soit disant photo de moi qui vene de mon frère :s
j'ai tente de le supprime mes j'y arrive pas
j'ai fait un scan avec avast en mode sans echec et j'ai aussi utilise msn fixe mes rien :s
voici le rapport

MSNFix 1.700

D:\Documents and Settings\clement\Bureau\MSNFix\MSNFix
Fix exécuté le 06/04/2008 - 16:16:09,57 By clement
mode normal

************************ Recherche les fichiers présents

... D:\WINDOWS\system32\%%%.exe
... D:\WINDOWS\system32\%%%.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... D:\WINDOWS\system32\%.exe
.. OK ... D:\WINDOWS\system32\%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

Aucun Fichier trouvé
.. OK ... D:\WINDOWS\system32\%.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06042008_16361681.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%.exe

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

merci d'avance pr toutes vos reponse
pierre:)))

--
La créativité est faites d'attention et de respect pour les petits faits de la vie.
Configuration: Windows XP
Firefox 2.0.0.13

25 réponses

  • 1
  • 2
  1. booddha
     

    Bonjour/Bonsoir
    • Ne pas surfer ailleurs que sur le site
    • Couper MSN ou tout autre connexion hormis celle sur le site
    • Appliquer exactement et dans l'ordre les procédures indiquées.
    Au cas ou plusieurs intervenants se manifestent, en choisir un et un seul.

    • Rester devant la machine en rafraichissant souvent le forum pour voir les nouvelles réponses.
    • Répondre sans attendre à toutes les questions posées dans l'ordre ou elles ont étés posées
    • Etre précis dans les réponses. Ne s'en tenir qu'au sujet et rien qu'au sujet.
    A proscrire : le language SMS.

    Ne pas quitter tant qu'il n'est pas dit explicitement que le problème est résolu ou qu'il dépasse les compétences de celui ou ceux qui vous aident.
    • Ne pas ouvrir plusieurs discussions sur le même sujet sauf si on vous le demande (Problème non résolu. Ca arrive)

    • Ne pas s'impatienter. L'analyse d'un rapport et la recherche de solutions appropriées prends un certain temps. Inutile donc de reposter le même message. Nous ne vous oublions pas, nous vous cherchons une solution

    • Ne pas oublier : nous sommes bénévoles. Nous mangeons, nous dormons, nous travaillons, nous avons une vie de famille aussi.

    • Les procédures qui vont suivre, bien que largement éprouvées, sont mises en oeuvre aux risques et périls du possesseur de la machine.


    Préparation de la machine
    • Vider la corbeille
    • Fermer toutes les applications

    ================ PareFeu XP - Vista ===================
    • Si un autre pare-feu que celui de windows est installé, vérifier qu'il est actif et passer à l'étape CCleaner

    • Sinon

    pour activer/désactiver le Pare-feu Vista
    pour activer/désactiver le Pare-feu Xp le Pare-feu Vista

    • Activer le pare-Feu si ce n'est déjà fait

    ===================== CCLEANER ========================
    Pour le petit coup de polish.
    • Appliquer la procédure ci-dessous.
    • l'outil pourra être conservé pour faire le ménage de temps en temps en appliquant la même procédure.

    • Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.
    • Fermer toutes les applications
    • Lancer CCLeaner
    S'il n'est pas en Français cliquer sur Options, Setting, Language et sélectionner Français
    • cocher dans le menu Nettoyeur - onglet Windows :
    Internet Explorer: Fichiers Internet Temporaires, Cookies
    • Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
    • Avancé: Vieilles données du Prefetch
    • Décocher dans le menu Options - sous-menu Avancé :
    Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
    • Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
    • Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
    Firefox/Mozilla: Cache Internet, Cookies
    • Click sur Analyse
    • Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
    • Click sur Registre
    • Sélectionner tout
    • Click sur Chercher des erreurs (En bas)

    Une fois le scan terminé sélectionner tout
    • Click sur Réparer les erreurs sélectionnées

    ==================== HIJACKTHIS ======================

    HijackThis

    • Télécharger HijackThis
    • Installer HijackThis en se laissant guider (Accepter le répertoire proposé sans rien changer)
    • Fermer HijackThis
    • Télécharger sur le bureau HJTNew (Si le Pare-Feu ou l'Anti-virus se manifeste, Ignorer)
    • Fermer toutes les applications
    • Se débrancher d'Internet (Enlever le cable, c'est encore la meilleure solution)
    • Lancer HJTNew.exe (Si le Pare-Feu ou l'Anti-virus se manifeste, Ignorer)
    Ne pas s'étonner pour HJTNew, rien ne s'affiche, juste une fenêtre qui s'ouvre et se ferme aussitôt. C'est normal.
    • Click sur Do a system scan and save a logfile
    • Copier/Coller le rapport dans le prochain message
    • Supprimer HJTNew.exe (sinon l'Anti-virus risque de se manifester souvent) puis
    • Attendre les instructions
    0
  2. pierre888 Messages postés 253 Statut Membre 65
     
    re bonsoir merci booddha de bien vouloir m'aide voila dsl j'ai mis un peut de temps a repondre je pense pas avoir une reponse aussi vite maintenant je suis la pas de probleme :)))
    voici le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:05:58, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PSIService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
    O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
    O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv2\chatserv.exe
    O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
    O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    0
  3. booddha
     
    ===================== MSNFix ========================

    • Télécharger MSNFix.zip (de !aur3n7 et Regis59) sur le bureau :

    Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour.
    Remarque: Il est possible que l'antivirus détécte un virus au téléchargement,
    il s'agit de Process.exe qui est un faux positif.


    • Décompresser (clic droit : Extraire ici).
    • A la racine du système, déplace le dossier décompressé, comme suit : C:\MSNFix.
    • L'ouvrir et double click sur le fichier MSNFix.bat. (Sous Vista l'ouvrir en tant qu'administrateur)
    • Exécutez l'option R.
    • Patienter le temps nécessaire
    • Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
    • Patienter le temps nécessaire, le nettoyage peut, en fonction des performances ou du nombre d'infections, prendre un certain temps
    • A la fin du scan,un message peut vous inviter à redémarrer l'ordinateur.C'est impératif pour terminer le nettoyage, si vous tardez à le faire l'infection pourrait se réinstaller d'elle même dans le système.'
    • Sauvegarder ce rapport puis en faire un copier/coller sur le forum.
    • Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
    • Copier/Coller le rapport dans la prochaine réponse.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
    Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.


    Je vais me coucher
    0
  4. pierre888 Messages postés 253 Statut Membre 65
     
    re bonjour voici le rapport

    MSNFix 1.700

    D:\MSNFix
    Fix exécuté le 07/04/2008 - 5:08:34,25 By clement
    mode normal

    ************************ Recherche les fichiers présents

    ... D:\WINDOWS\system32\%%%.exe
    ... D:\WINDOWS\system32\%%%.exe
    ... D:\WINDOWS\mrofinu*.exe
    ... D:\WINDOWS\mrofinu*.exe.tmp

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    .. OK ... D:\WINDOWS\system32\%.exe
    /!\ ... D:\WINDOWS\system32\%%%.exe
    /!\ ... D:\WINDOWS\system32\%%%.exe
    /!\ ... D:\WINDOWS\system32\%%%.exe
    /!\ ... D:\WINDOWS\system32\%%%.exe
    .. OK ... D:\WINDOWS\mrofinu*.exe
    .. OK ... D:\WINDOWS\mrofinu*.exe.tmp

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    ************************ Suppression des fichiers

    .. OK ... D:\WINDOWS\system32\real.txt
    .. OK ... D:\WINDOWS\system32\%.exe

    ************************ Fichiers suspects

    Aucun Fichier trouvé

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 07042008_ 5123489.zip

    ************************ HKLM\...\Winlogon\Userinit

    Userinit = D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%.exe

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------

    avast me la detecte au redemarage y me dit qu'un trojan ou cheuval de trois et present sur mon pc
    "win32:-jmh[trj]"mes pas moyen de le mettre en quarantaine ni de le suprime :s
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. booddha
     
    Relancer la machine et mettre un nouveau rapport HiJackThis
    0
  7. pierre888 Messages postés 253 Statut Membre 65
     
    voici le rapport de hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:33:05, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PSIService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
    O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
    O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
    O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
    O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    0
  8. booddha
     
    +ccl
    +HJT
    +MSNFIX
    SDFix
    ------------------------- Ne pas tenir compte des lignes ci-dessus


    ======================== SDFIX ========================

    • Télécharger SDFix sur le bureau
    • Double-Click sur le fichier SDFix.EXE et se laisser guider pour l'installation
    • Le programme s'installe dans le répertoire C:\SDFix

    Il est indispensable d'effectuer le nettoyage avec SDFix en mode sans échec.
    ------
    • Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    • Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

    • Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    • Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    • Une fois en mode sans échec, cliquer sur le menu Démarrer puis Exécuter et coller la commande suivant : C:\SDFix\RunThis.bat
    • Taper Y puis appuyer sur la touche Entrée du clavier, afin de lancer le nettoyage !
    SDFix va procéder au nettoyage, patience...cela peut durer une trentaine de minutes
    • Une fenêtre indique que SDFix doit redémarrer l'ordinateur afin de terminer le nettoyage.
    -------
    • Appuyer sur une touche du clavier pour redémarrer le PC.
    • Au redémarrage du PC, SDFix indique que le nettoyage est terminé.
    • Appuyer sur une touche du clavier afin d'ouvrir le rapport créé par SDFix.
    • Il peut être enregistré si besoin, par exemple si on demande de le poster sur un forum (menu Edition / Enregistrer sous).
    • Sans quoi le rapport sera quand même sauvegardé dans le fichier suivant : Report.txt
    dans le dossier SDFix (ex : C:\SDFix\Report.txt). + un nouveau rapport HiJackThis
    0
  9. pierre888 Messages postés 253 Statut Membre 65
     
    voici le rapport de sdfix

    [b]SDFix: Version 1.167 [/b]
    Run by clement on 07/04/2008 at 07:55

    Microsoft Windows XP [version 5.1.2600]
    Running From: D:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    D:\WINDOWS\system32\real.txt - Deleted

    Could Not Remove D:\WINDOWS\system32\%%%.exe

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-07 08:04:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    ? [1512]

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7AD87D32-4219-4107-57E8-4AFDD2ED771D}]
    "paagamekpghejfacaimfenmbgpiobkoe"=hex:6a,61,6d,6f,6a,63,66,64,6e,61,6d,64,68,70,65,6b,6a,68,66,70,00,..
    "oakgkgljafonahmiioldnlnkmchafi"=hex:6a,61,6d,6f,6a,63,66,64,6e,61,6d,64,68,70,65,6b,6a,68,66,70,00,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 1
    hidden services: 0
    hidden files: 15

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
    "C:\\chatserv9\\chatserv.exe"="C:\\chatserv9\\chatserv.exe:*:Enabled:chatserv"
    "C:\\chatserv4\\chatserv.exe"="C:\\chatserv4\\chatserv.exe:*:Enabled:chatserv"
    "C:\\chatserv2\\chatserv.exe"="C:\\chatserv2\\chatserv.exe:*:Enabled:chatserv"
    "C:\\chat.scania\\chat.exe"="C:\\chat.scania\\chat.exe:*:Enabled:chat"
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"="D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
    "C:\\chatserv6\\chatserv.exe"="C:\\chatserv6\\chatserv.exe:*:Enabled:chatserv"
    "D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="D:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
    "D:\\chat.scan\\chat.exe"="D:\\chat.scan\\chat.exe:*:Enabled:chat"
    "D:\\chat.scania\\chat.exe"="D:\\chat.scania\\chat.exe:*:Enabled:chat"
    "D:\\Program Files\\eChanblard\\emule.exe"="D:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
    "D:\\Program Files\\Morpheus\\Morpheus.exe"="D:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
    "D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
    "D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
    "D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"="D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe:*:Enabled:VirtualBox"
    "C:\\chatserv_bleu\\chatserv.exe"="C:\\chatserv_bleu\\chatserv.exe:*:Enabled:chatserv"
    "D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"="D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
    "D:\\chatserv\\chatserv.exe"="D:\\chatserv\\chatserv.exe:*:Enabled:chatserv"
    "D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
    "D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"="D:\\Program Files\\FileZilla FTP Client\\filezilla.exe:*:Enabled:FileZilla FTP Client"
    "D:\\Program Files\\TribalWeb\\tribalweb.exe"="D:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
    "D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"="D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe:*:Enabled:Yooda SeeUrank"
    "D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
    "D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
    "D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
    "D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
    "D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
    "D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
    "D:\\WINDOWS\\system32\\%%%.exe"="D:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [b]Remaining Files [/b]:

    D:\WINDOWS\system32\%%%.exe Found

    File Backups: - D:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Thu 5 Jun 2003 24,576 A..H. --- "D:\Program Files\RamBoost XP\StopRam.exe"
    Mon 11 Feb 2008 88 ..SHR --- "D:\WINDOWS\system32\71FC339969.sys"
    Mon 11 Feb 2008 3,452 A.SH. --- "D:\WINDOWS\system32\KGyGaAvL.sys"
    Sun 23 Mar 2008 1,122,304 ...H. --- "D:\WINDOWS\system32\wodfamop.dll"
    Wed 13 Feb 2008 13 ...H. --- "D:\Documents and Settings\All Users\Application Data\1ޝ13.sys"
    Sun 27 Jan 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\17e3f23ff72184333b78d75c8e81cda8\download\BITA3.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\27efdbd68a382580fdb15dd4f797360e\download\BITAA.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\29f6d57cd4efa945b402cdec2ffedddf\download\BITA5.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\42526a992b20eef1df8750beb4f78f35\download\BITA8.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BITB1.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\4cabbc33d9fa3ea879d2330766ba6ff1\download\BITA9.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\598b3ea05d3c2f275520ea46f80fb98d\download\BITA4.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\5d24ad19cee78bba662249a4deccb260\download\BITA7.tmp"
    Sat 12 Jan 2008 838,420 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\79dfe016119d9f9104f7a081382c2de7\download\BIT9D.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7d67df8d2fa218514bbe5a22ae12a9b3\download\BITAE.tmp"
    Sat 12 Jan 2008 5,375,291 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\90eded57e7780b832eed3339a922a322\download\BIT81.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\download\BITA6.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\download\BITA1.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\bfd81cbd42e5265d12677c96600c0804\download\BIT9E.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BITAD.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\cbee9c95b55c0a7f59376a89c9a3d3c1\download\BITA2.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d3d59acde4bc99f07df90298fa402c77\download\BITAF.tmp"
    Sat 12 Jan 2008 8,536,737 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d58f7a46215418e5cd2283eb289472c2\download\BIT66.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d8cfedd5cfd3f0881276825d82978e5d\download\BITA0.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\download\BIT9F.tmp"
    Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\f32bfa5d1049b53eae766f9d37379ea6\download\BITB0.tmp"

    [b]Finished![/b]

    0
  10. booddha
     
    +ccl
    +HJT
    +-MSNFIX
    +SDFix
    MalwaresBytes
    ------------------------- Ne pas tenir compte des lignes ci-dessus

    Il y en a qui font de la résistance

    ================== MalwareBytes =====================

    Telecharger MalwareBytes

    Le Tutorial

    Attention à ce que l'option Perform Full Scan soit cochée

    Ne pas oublier de supprimer tout ce que MalwaresByte trouve. Bouton Remove Selected après avoir tout sélectionné

    Poster le rapport et un nouveau rapport HiJackThis
    0
  11. pierre888 Messages postés 253 Statut Membre 65
     
    re re voici les 2 news rapport :)))

    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 598

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 417849
    Temps écoulé: 52 minute(s), 32 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0012419.exe (Trojan.Downloader) -> No action taken.
    D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0012420.exe (Trojan.Downloader) -> No action taken.
    D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0013299.exe (Trojan.Downloader) -> No action taken.
    D:\WINDOWS\mrofinu1423.exe.MSNFix (Trojan.Downloader) -> No action taken.
    D:\WINDOWS\mrofinu1423.MSNFix (Trojan.Downloader) -> No action taken.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:08, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PSIService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\PROGRA~1\Mozilla Firefox\firefox.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
    O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
    O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
    O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
    O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    0
  12. booddha
     
    Je suis désolé mais apparement il faut recommencer la procédure MalwaresByte
    car il n'a rien supprimé.

    Tu as du oublier de faire ceci à la fin du scan

    Bouton Remove Selected après avoir tout sélectionné


    Une fois que tu as appuyé sur ce bouton un rapport est généré, c'est ce rapport qu'il me faut + rapport HiJackThis
    0
  13. pierre888 Messages postés 253 Statut Membre 65
     
    re re
    voici les 2 news rapport :))

    Malwarebytes' Anti-Malware 1.10
    Version de la base de données: 598

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 417756
    Temps écoulé: 54 minute(s), 5 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:34:47, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PSIService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\PROGRA~1\Mozilla Firefox\firefox.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\chatserv4\chatserv.exe
    C:\chatserv9\chatserv.exe
    C:\chatserv6\chatserv.exe
    C:\chatserv_bleu\chatserv.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    D:\chat.scania\chat.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
    O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
    O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
    O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
    O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    0
  14. booddha
     
    +ccl
    +HJT
    +-MSNFIX
    +SDFix
    +MalwaresBytes

    ------------------------- Ne pas tenir compte des lignes ci-dessus
    ========================= OTMOVE IT ===========================

    OteMoveIt

    • Télécharger : OteMoveIt
    • L'installer sur le bureau
    • Le lancer.
    • S'Assurer que la case Unregister Dll's and Ocx's soit bien cochée.
    • Copier la ou les lignes ci-dessous en gras


    D:\WINDOWS\system32\%%%.exe


    • Coller dans la fenêtre de OTMoveIt nommée Paste Standard List of Files/Folders to move.
    • Click sur MoveIt! pour lancer la suppression.
    • Si OTMoveIt propose de redémarrer le PC, accepter !
    • Lorsque un résultat apparaît dans le cadre Results, click sur Exit.
    • Copier/Coller sur le forum le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.
    0
  15. pierre888 Messages postés 253 Statut Membre 65
     
    re :)
    voici le rapport :p

    < D:\WINDOWS\system32\%%%.exe >
    File move failed. D:\WINDOWS\system32\%%%.exe scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04072008_123104

    Files moved on Reboot...
    D:\WINDOWS\system32\%%%.exe moved successfully.
    0
  16. pierre888 Messages postés 253 Statut Membre 65
     
    re
    voici le rapport :)))

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:08, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PSIService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\notepad.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\FlashGet\FlashGet.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\ManyCam 2.1\ManyCam.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\Logitech\Video\FxSvr2.exe
    C:\chatserv4\chatserv.exe
    C:\chatserv9\chatserv.exe
    C:\chatserv6\chatserv.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\chatserv_bleu\chatserv.exe
    D:\Program Files\TribalWeb\tribalweb.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\PROGRA~1\Mozilla Firefox\firefox.exe
    D:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\Windows Live\Mail\wlmail.exe
    D:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
    O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
    O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
    O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
    O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    0
  17. booddha
     
    C'est un phoenix

    ===================== COMBOFIX =======================
    </gras>
    • Imprimer ou sauvegarder avec le bloc-note cette procédure car la suite va se dérouler sans accès à Internet.
    • Installer ComboFix sur le bureau
    Note :
    Le serveur de téléchargement peut être en surcharge et renvoyer une page d'erreur. Il faut insister.

    • Renommer COMBOFIX.EXE en COMBO-FIX.EXE
    ------
    • Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    • Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

    • Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    • Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    • Désactiver seulement pendant l'utilisation de ComboFix, la protection de l'antivirus et de l'antispyware ceux-ci pouvant entraver le bon fonctionnement de combofix
    • Fermer toutes les applications en cours
    • Double-click sur l'icône qui s'est installé sur le bureau
    • Appuyer sur la touche 1 puis sur entrée:
    • Laisser Combofix travailler sans se servir de la machine.
    • Si ComboFix a besoin de redémarrer la machine, laisser faire sinon redémarrer en mode normal.
    • Copier/Coller le rapport généré dans le bloc-note dans le prochain message
    (Ce fichier est automatiquement généré et enregistré sous C:\Combofix.txt) + Rapport HiJackThis
    0
  18. pierre888 Messages postés 253 Statut Membre 65
     
    re
    voici les 2 rapportss

    ComboFix 08-04-06.1 - clement 2008-04-07 14:36:13.7 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2653 [GMT 2:00]
    Endroit: D:\Documents and Settings\clement\Bureau\COMBO-FIX.EXE

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .
    TimedOut: progfile.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-07 14:27 . 2008-04-07 14:28 <REP> d-------- D:\ComboFix
    2008-04-07 12:31 . 2008-04-07 12:31 9,296 --a------ D:\WINDOWS\system32\bzjccg.exe
    2008-04-07 12:31 . 2008-04-07 12:31 244 --ah----- D:\sqmnoopt01.sqm
    2008-04-07 12:31 . 2008-04-07 12:31 232 --ah----- D:\sqmdata01.sqm
    2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\clement\Application Data\Malwarebytes
    2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 07:52 . 2008-04-07 07:52 <REP> d-------- D:\WINDOWS\ERUNT
    2008-04-07 07:46 . 2008-04-07 08:08 <REP> d-------- D:\SDFix
    2008-04-07 07:29 . 2008-04-07 07:29 9,296 --a------ D:\WINDOWS\system32\yfhuwc.exe
    2008-04-07 07:29 . 2008-04-07 07:29 244 --ah----- D:\sqmnoopt00.sqm
    2008-04-07 07:29 . 2008-04-07 07:29 232 --ah----- D:\sqmdata00.sqm
    2008-04-07 05:10 . 2008-04-07 05:10 9,296 --a------ D:\WINDOWS\system32\ipwftr.exe
    2008-04-07 05:08 . 2008-04-07 05:12 <REP> d-------- D:\MSNFix
    2008-04-07 05:08 . 2008-04-07 05:07 447,902 --a------ D:\MSNFix.zip
    2008-04-06 16:55 . 2008-04-06 16:55 <REP> d-------- D:\Program Files\Live-Prod
    2008-04-05 13:04 . 2008-04-05 13:15 <REP> d-------- D:\Program Files\Abacre Photo Downloader
    2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\WINDOWS\JSAS
    2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\Program Files\JSAS
    2008-04-04 23:05 . 2008-03-29 19:31 75,856 --a------ D:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-04 23:05 . 2008-03-29 19:35 20,560 --a------ D:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-26 18:56 . 2008-03-26 18:56 <REP> d-------- D:\Program Files\Synapse Développement
    2008-03-26 18:56 . 2008-03-26 18:56 24,276 --a------ D:\WINDOWS\system\axd99cab.dll
    2008-03-26 18:07 . 2008-03-26 18:07 23 --a------ D:\WINDOWS\system32\dp48x.hlx
    2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- D:\Program Files\Yooda
    2008-03-26 17:35 . 2008-03-26 17:59 <REP> d-------- D:\Program Files\TRELLIAN
    2008-03-26 05:49 . 2008-03-26 05:58 <REP> d-------- D:\Program Files\Ref Hotkey
    2008-03-26 02:50 . 2008-04-06 14:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
    2008-03-26 00:31 . 2008-03-26 00:31 <REP> d-------- D:\Program Files\IVCsoft
    2008-03-26 00:13 . 2008-03-26 00:13 <REP> d-------- D:\Program Files\BulletProofSoft.com
    2008-03-22 00:20 . 2008-03-22 00:20 <REP> d-------- D:\Program Files\TribalWeb
    2008-03-22 00:20 . 2008-04-06 17:13 <REP> d-------- D:\Documents and Settings\clement\Application Data\TribalWeb
    2008-03-20 02:51 . 2008-03-20 03:16 <REP> d-------- D:\Program Files\SecondLife
    2008-03-20 02:51 . 2008-03-20 02:58 <REP> d-------- D:\Documents and Settings\clement\Application Data\SecondLife
    2008-03-16 21:13 . 2008-04-02 09:01 <REP> d-------- D:\Program Files\RamBoost XP
    2008-03-15 17:39 . 2008-03-15 17:39 <REP> d-------- D:\Program Files\Apache Software Foundation
    2008-03-15 02:26 . 2008-03-15 02:26 0 --a------ D:\WINDOWS\nsreg.dat
    2008-03-15 01:18 . 2008-03-29 19:43 <REP> d-------- D:\Program Files\FileZilla FTP Client
    2008-03-15 01:12 . 2008-03-15 01:15 <REP> d-------- D:\Documents and Settings\clement\Application Data\Sites
    2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Dynamique
    2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Classes de site
    2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\vmntoolbar
    2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\Visicom Media
    2008-03-15 01:11 . 2008-04-07 13:53 <REP> d-------- D:\Documents and Settings\clement\Application Data\vmntoolbar
    2008-03-14 14:55 . 2008-03-14 14:55 <REP> d-------- D:\Program Files\Vista Buttons Trial
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\PRMT6
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\Fichiers communs\PROject MT
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\clement\Application Data\PROject MT
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\PROject MT
    2008-03-13 23:57 . 2008-03-13 23:57 <REP> d-------- D:\Program Files\ThiWeb Live 2
    2008-03-13 23:44 . 2008-03-13 23:44 <REP> d-------- D:\Program Files\Antadis
    2008-03-13 15:36 . 2008-03-13 15:36 <REP> d-------- D:\Program Files\Pierre Le Muzic - Editeur Fichier CSS
    2008-03-13 09:51 . 2008-03-13 09:51 <REP> d-------- D:\Program Files\directx
    2008-03-13 09:46 . 2008-03-13 09:46 <REP> d-------- D:\Program Files\Micro Application
    2008-03-13 09:46 . 2008-03-13 09:46 40 --a------ D:\WINDOWS\NAVIGMA.INI
    2008-03-11 09:54 . 2008-03-11 10:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-09 19:26 . 2008-03-09 19:26 <REP> d-------- D:\Program Files\innotek VirtualBox
    2008-03-09 16:43 . 2008-03-09 16:50 <REP> d-------- D:\Program Files\MSN Spy 2004
    2008-03-09 07:31 . 2008-04-07 12:34 54,156 --ah----- D:\WINDOWS\QTFont.qfn
    2008-03-09 07:31 . 2008-03-09 07:31 1,409 --a------ D:\WINDOWS\QTFont.for
    2008-03-08 17:58 . 2008-03-08 17:58 <REP> d-------- D:\_OTMoveIt
    2008-03-08 07:18 . 2008-03-09 07:45 <REP> d-------- D:\WINDOWS\BDOSCAN8
    2008-03-07 17:12 . 2008-03-09 19:03 <REP> d-------- D:\Program Files\Navilog1
    2008-03-07 16:13 . 2008-03-07 16:13 <REP> d-------- D:\Program Files\Trend Micro
    2008-03-07 15:40 . 2008-03-07 16:04 <REP> d-------- D:\Program Files\Lopxp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 12:25 --------- d-----w D:\Program Files\FlashGet
    2008-04-07 00:03 --------- d-----w D:\Program Files\ManyCam 2.1
    2008-04-06 23:03 --------- d-----w D:\Program Files\DynDNS Updater
    2008-04-06 14:26 --------- d-----w D:\Program Files\AxBx
    2008-04-06 13:18 --------- d-----w D:\Documents and Settings\clement\Application Data\FileZilla
    2008-03-29 17:45 1,146,232 ----a-w D:\WINDOWS\system32\aswBoot.exe
    2008-03-29 17:35 94,544 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-29 17:23 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
    2008-03-29 04:38 --------- d-----w D:\Documents and Settings\clement\Application Data\teamspeak2
    2008-03-28 17:23 --------- d-----w D:\Program Files\eChanblard
    2008-03-26 16:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-03-26 10:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-26 00:51 --------- d-----w D:\Program Files\Google
    2008-03-23 20:26 --------- d-----w D:\Program Files\Messenger Plus! Live
    2008-03-23 18:39 1,122,304 ---h--w D:\WINDOWS\system32\wodfamop.dll
    2008-03-13 19:47 --------- d-----w D:\Program Files\Java
    2008-03-07 08:16 --------- d-----w D:\Program Files\SUPERAntiSpyware
    2008-03-07 08:16 --------- d-----w D:\Documents and Settings\clement\Application Data\SUPERAntiSpyware.com
    2008-03-06 10:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-05 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-05 13:21 --------- d-----w D:\Program Files\Opera
    2008-03-04 09:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\HP
    2008-03-04 09:23 --------- d-----w D:\Program Files\Fichiers communs\HP
    2008-03-04 09:22 --------- d-----w D:\Program Files\HP
    2008-03-04 09:22 --------- d-----w D:\Program Files\Hewlett-Packard
    2008-03-04 09:21 --------- d-----w D:\Program Files\Fichiers communs\Hewlett-Packard
    2008-03-04 03:22 --------- d-----w D:\Program Files\ISO Commander
    2008-03-02 01:29 --------- d-----w D:\Program Files\Fichiers communs\Macromedia
    2008-03-02 01:28 --------- d-----w D:\Program Files\Macromedia
    2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Webcammax
    2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Nero
    2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Grisoft
    2008-03-01 08:58 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Grisoft
    2008-02-27 22:14 --------- d-----w D:\Documents and Settings\clement\Application Data\dvdcss
    2008-02-27 16:17 --------- d-----w D:\Program Files\ABC Amber XML Converter
    2008-02-26 03:26 --------- d-----w D:\Program Files\CCleaner
    2008-02-26 03:22 --------- d-----w D:\Program Files\Morpheus
    2008-02-25 22:51 --------- d-----w D:\Program Files\Paltalk Messenger
    2008-02-25 22:51 --------- d-----w D:\Documents and Settings\clement\Application Data\Paltalk
    2008-02-25 17:09 --------- d-----w D:\Documents and Settings\clement\Application Data\LimeWire
    2008-02-25 03:08 --------- d-----w D:\Documents and Settings\clement\Application Data\blaxxun interactive
    2008-02-25 03:03 --------- d-----w D:\Program Files\AskPBar
    2008-02-24 00:07 --------- d-----w D:\Program Files\WebcamMax
    2008-02-23 15:11 --------- d-----w D:\Documents and Settings\clement\Application Data\OtakuSoftware
    2008-02-22 21:46 --------- d-----w D:\Program Files\Fichiers communs\DVDVideoSoft
    2008-02-22 21:46 --------- d-----w D:\Program Files\DVDVideoSoft
    2008-02-22 21:45 --------- d-----w D:\Program Files\OneStopSoft.com
    2008-02-22 21:34 --------- d-----w D:\Program Files\MAGIX
    2008-02-22 21:34 --------- d-----w D:\Documents and Settings\clement\Application Data\MAGIX
    2008-02-22 21:33 --------- d-----w D:\Program Files\Fichiers communs\MAGIX Shared
    2008-02-22 21:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\MAGIX
    2008-02-20 19:17 40,928 ----a-w D:\WINDOWS\system32\drivers\VBoxDrv.sys
    2008-02-20 19:17 27,776 ----a-w D:\WINDOWS\system32\drivers\VBoxUSBMon.sys
    2008-02-20 08:18 --------- d-----w D:\Program Files\CommentCaMarche
    2008-02-14 22:03 --------- d-----w D:\Documents and Settings\clement\Application Data\eXPert PDF Editor
    2008-02-14 21:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF 5
    2008-02-14 21:48 --------- d-----w D:\Program Files\Fichiers communs\Nero
    2008-02-14 21:48 --------- d-----w D:\Documents and Settings\clement\Application Data\Nero
    2008-02-14 21:47 --------- d-----w D:\Program Files\Nero
    2008-02-14 21:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
    2008-02-14 21:40 --------- d-----w D:\Program Files\Visagesoft
    2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
    2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF
    2008-02-14 21:37 --------- d-----w D:\Program Files\MOVAVI
    2008-02-14 21:37 --------- d-----w D:\Program Files\ConvertMovie 5.0
    2008-02-14 00:49 --------- d-----w D:\Documents and Settings\clement\Application Data\Dev-Cpp
    2008-02-13 17:34 --------- d-----w D:\Program Files\PhotoFiltre
    2008-02-13 13:36 13 ---h--w D:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
    2008-02-13 13:36 --------- d-----w D:\Program Files\CoffeeCup Software
    2008-02-13 12:38 --------- d-----w D:\Program Files\Microsoft Visual Studio .NET
    2008-02-13 12:38 --------- d-----w D:\Program Files\Gdot
    2008-02-13 12:38 --------- d-----w D:\Program Files\Fichiers communs\Crystal Decisions
    2008-02-13 07:42 --------- d-----w D:\Program Files\Alwil Software
    2008-02-12 22:56 --------- d-----w D:\Program Files\PDFCreator
    2008-02-12 19:20 --------- d-----w D:\Program Files\PDFapps Convert PDF to HTML 2.0
    2008-02-12 13:19 --------- d-----w D:\Documents and Settings\clement\Application Data\Nvu
    2008-02-11 20:52 --------- d-----w D:\Program Files\LimeWire
    2008-02-11 02:00 --------- d-----w D:\Program Files\MSXML 4.0
    2008-02-10 22:19 3,452 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-10 22:18 --------- d-----w D:\Documents and Settings\clement\Application Data\Corel
    2008-02-10 18:21 --------- d-----w D:\Program Files\iTunes
    2008-02-10 18:21 --------- d-----w D:\Program Files\iPod
    2008-02-10 18:21 --------- d-----w D:\Program Files\Bonjour
    2008-02-10 18:21 --------- d-----w D:\Documents and Settings\clement\Application Data\Apple Computer
    2008-02-10 18:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-10 18:20 --------- d-----w D:\Program Files\QuickTime
    2008-02-10 18:19 --------- d-----w D:\Program Files\Apple Software Update
    2008-02-10 18:18 --------- d-----w D:\Program Files\Fichiers communs\Apple
    2008-02-10 18:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
    2008-02-10 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Corel
    2008-02-10 11:02 --------- d-----w D:\Program Files\Fichiers communs\Corel
    2008-02-10 11:02 --------- d-----w D:\Program Files\Corel
    2008-02-09 03:32 --------- d-----w D:\Program Files\Teleport Pro
    2008-02-09 02:00 --------- d-----w D:\Program Files\MSXML 6.0
    2008-02-08 19:36 --------- d-----w D:\Program Files\WinHTTrack
    2008-02-08 19:30 --------- d-----w D:\Program Files\MorpheusBar
    2008-02-08 12:33 --------- d-----w D:\Program Files\ParallelGraphics
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
    2007-10-24 16:27 1918936 --a------ D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-8287-79A187E26987}"= "D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 16:27 1918936]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
    [HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-8287-79A187E26987}"= D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 16:27 1918936]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
    [HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 16:03 5724184]
    "ManyCam"="D:\Program Files\ManyCam 2.1\ManyCam.exe" [2007-08-20 12:44 1515520]
    "LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "WebcamMaxMoniter"="D:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
    "vspdfprsrv.exe"="D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 20:58 966656]
    "TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 14:58 90112]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
    "SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
    "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-02-10 19:59 385024]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
    "LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
    "LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
    "LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
    "JMB36X IDE Setup"="D:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
    "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
    "Flashget"="D:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
    "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "Autoconfigurateur WiFi Neuf"="D:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
    "36X Raid Configurer"="D:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
    "HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
    "Flash Media"="D:\WINDOWS\system32\%%%.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "DWQueuedReporting"="D:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
    "msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 16:03 5724184]

    D:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
    Raccourci (2) vers chatserv.lnk - C:\chatserv4\chatserv.exe [2007-12-30 12:36:29 1855526]
    Raccourci (3) vers chatserv.lnk - C:\chatserv9\chatserv.exe [2007-12-30 12:36:39 1855526]
    Raccourci vers chatserv.lnk - C:\chatserv6\chatserv.exe [2007-12-30 12:36:34 1855526]
    Raccourci vers chatserv5.lnk - C:\chatserv_bleu\chatserv.exe [2008-02-20 14:49:16 1855526]
    TribalWeb.lnk - D:\Program Files\TribalWeb\tribalweb.exe [2008-03-22 00:20:37 1077248]

    D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
    HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
    Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 02:50:34 124400]
    WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= lvcodec2.dll
    "MSVideo"= vfwwdm32.dll
    "MSVideo8"= VfWWDM32.dll
    "vidc.tscc"= tsccvid.dll
    "vidc.LEAD"= LCODCCMP.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\chatserv9\\chatserv.exe"=
    "C:\\chatserv4\\chatserv.exe"=
    "C:\\chatserv2\\chatserv.exe"=
    "C:\\chat.scania\\chat.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
    "C:\\chatserv6\\chatserv.exe"=
    "D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "D:\\chat.scan\\chat.exe"=
    "D:\\chat.scania\\chat.exe"=
    "D:\\Program Files\\eChanblard\\emule.exe"=
    "D:\\Program Files\\Morpheus\\Morpheus.exe"=
    "D:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
    "D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "D:\\Program Files\\iTunes\\iTunes.exe"=
    "D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
    "D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"=
    "C:\\chatserv_bleu\\chatserv.exe"=
    "D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
    "D:\\chatserv\\chatserv.exe"=
    "D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "D:\\Program Files\\TribalWeb\\tribalweb.exe"=
    "D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"=
    "D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
    "D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
    "D:\\WINDOWS\\system32\\%%%.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7890:TCP"= 7890:TCP:e3
    "7890:UDP"= 7890:UDP:e4

    S1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    S1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
    S1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
    S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    S2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;D:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;D:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
    S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 16:30]
    S3 SjyPkt;SjyPkt;D:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 05:39]
    S3 VBoxTAP;VirtualBox TAP Adapter;D:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-09-03 18:19]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa35ab71-c10a-11dc-8d72-806d6172696f}]
    \Shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a2d3a6-c126-11dc-97b0-00146c722b84}]
    \Shell\AutoRun\command - setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-02 20:08:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-07 05:43:19 D:\WINDOWS\Tasks\User_Feed_Synchronization-{25E3F2BE-EC8D-4DBB-AF4F-599536C5B7CB}.job"
    - D:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-07 14:37:34
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-07 14:38:02
    ComboFix-quarantined-files.txt 2008-04-07 12:37:55
    ComboFix2.txt 2008-04-07 12:34:08
    ComboFix3.txt 2008-03-08 15:50:59
    ComboFix4.txt 2008-03-08 09:38:01
    ComboFix5.txt 2008-03-08 09:35:08
    Pre-Run: 104,612,876,288 octets libres
    Post-Run: 104,599,052,288 octets libres
    .
    2008-03-12 07:03:31 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:42:23, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PSIService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\FlashGet\FlashGet.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\ManyCam 2.1\ManyCam.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\WinZip\WZQKPICK.EXE
    C:\chatserv4\chatserv.exe
    C:\chatserv9\chatserv.exe
    C:\chatserv6\chatserv.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\chatserv_bleu\chatserv.exe
    D:\Program Files\TribalWeb\tribalweb.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
    O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
    O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
    O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
    O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    0
  19. booddha
     
    ---------------- CORRECTION COMBOFIX ------------------

    fais ceci :

    • Copier le texte ci-dessous :


    File::
    d:\windows\system32\%%%.exe

    Registry::
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Flash Media"=-


    • Ouvrir le Bloc-Notes puis coller le texte copié. (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    • Sauvegarder ce fichier sous le nom de CFScript.txt.
    • Glisser maintenant le fichier CFScript.txt dans Combofix.exe comme montré ici
    • Cela va relancer Combofix,
    • Une fenêtre bleue va apparaître: un message qui apparait ( Type 1 to continue, or 2 to abort)
    • taper 1 puis valider.

    • Patienter le temps du scan. Le bureau va disparaitre à plusieurs reprises: c'est normal!
    • Ne toucher à rien tant que le scan n'est pas terminé.

    • Après redémarrage, copier/coller le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de redémarrage, redémarrer et poster les rapports.
    0
  20. pierre888 Messages postés 253 Statut Membre 65
     
    re
    voici les rapports

    ComboFix 08-04-06.1 - clement 2008-04-07 15:12:28.9 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2385 [GMT 2:00]
    Endroit: D:\Documents and Settings\clement\Bureau\COMBO-FIX.EXE
    Command switches used :: D:\Documents and Settings\clement\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    d:\windows\system32\%%%.exe
    .
    TimedOut: progfile.dat

    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-07 14:27 . 2008-04-07 14:28 <REP> d-------- D:\ComboFix
    2008-04-07 12:31 . 2008-04-07 12:31 9,296 --a------ D:\WINDOWS\system32\bzjccg.exe
    2008-04-07 12:31 . 2008-04-07 12:31 244 --ah----- D:\sqmnoopt01.sqm
    2008-04-07 12:31 . 2008-04-07 12:31 232 --ah----- D:\sqmdata01.sqm
    2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
    2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\clement\Application Data\Malwarebytes
    2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-07 07:52 . 2008-04-07 07:52 <REP> d-------- D:\WINDOWS\ERUNT
    2008-04-07 07:46 . 2008-04-07 08:08 <REP> d-------- D:\SDFix
    2008-04-07 07:29 . 2008-04-07 07:29 9,296 --a------ D:\WINDOWS\system32\yfhuwc.exe
    2008-04-07 07:29 . 2008-04-07 07:29 244 --ah----- D:\sqmnoopt00.sqm
    2008-04-07 07:29 . 2008-04-07 07:29 232 --ah----- D:\sqmdata00.sqm
    2008-04-07 05:10 . 2008-04-07 05:10 9,296 --a------ D:\WINDOWS\system32\ipwftr.exe
    2008-04-07 05:08 . 2008-04-07 05:12 <REP> d-------- D:\MSNFix
    2008-04-07 05:08 . 2008-04-07 05:07 447,902 --a------ D:\MSNFix.zip
    2008-04-06 16:55 . 2008-04-06 16:55 <REP> d-------- D:\Program Files\Live-Prod
    2008-04-05 13:04 . 2008-04-05 13:15 <REP> d-------- D:\Program Files\Abacre Photo Downloader
    2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\WINDOWS\JSAS
    2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\Program Files\JSAS
    2008-04-04 23:05 . 2008-03-29 19:31 75,856 --a------ D:\WINDOWS\system32\drivers\aswSP.sys
    2008-04-04 23:05 . 2008-03-29 19:35 20,560 --a------ D:\WINDOWS\system32\drivers\aswFsBlk.sys
    2008-03-26 18:56 . 2008-03-26 18:56 <REP> d-------- D:\Program Files\Synapse Développement
    2008-03-26 18:56 . 2008-03-26 18:56 24,276 --a------ D:\WINDOWS\system\axd99cab.dll
    2008-03-26 18:07 . 2008-03-26 18:07 23 --a------ D:\WINDOWS\system32\dp48x.hlx
    2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- D:\Program Files\Yooda
    2008-03-26 17:35 . 2008-03-26 17:59 <REP> d-------- D:\Program Files\TRELLIAN
    2008-03-26 05:49 . 2008-03-26 05:58 <REP> d-------- D:\Program Files\Ref Hotkey
    2008-03-26 02:50 . 2008-04-06 14:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
    2008-03-26 00:31 . 2008-03-26 00:31 <REP> d-------- D:\Program Files\IVCsoft
    2008-03-26 00:13 . 2008-03-26 00:13 <REP> d-------- D:\Program Files\BulletProofSoft.com
    2008-03-22 00:20 . 2008-03-22 00:20 <REP> d-------- D:\Program Files\TribalWeb
    2008-03-22 00:20 . 2008-04-06 17:13 <REP> d-------- D:\Documents and Settings\clement\Application Data\TribalWeb
    2008-03-20 02:51 . 2008-03-20 03:16 <REP> d-------- D:\Program Files\SecondLife
    2008-03-20 02:51 . 2008-03-20 02:58 <REP> d-------- D:\Documents and Settings\clement\Application Data\SecondLife
    2008-03-16 21:13 . 2008-04-02 09:01 <REP> d-------- D:\Program Files\RamBoost XP
    2008-03-15 17:39 . 2008-03-15 17:39 <REP> d-------- D:\Program Files\Apache Software Foundation
    2008-03-15 02:26 . 2008-03-15 02:26 0 --a------ D:\WINDOWS\nsreg.dat
    2008-03-15 01:18 . 2008-03-29 19:43 <REP> d-------- D:\Program Files\FileZilla FTP Client
    2008-03-15 01:12 . 2008-03-15 01:15 <REP> d-------- D:\Documents and Settings\clement\Application Data\Sites
    2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Dynamique
    2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Classes de site
    2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\vmntoolbar
    2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\Visicom Media
    2008-03-15 01:11 . 2008-04-07 13:53 <REP> d-------- D:\Documents and Settings\clement\Application Data\vmntoolbar
    2008-03-14 14:55 . 2008-03-14 14:55 <REP> d-------- D:\Program Files\Vista Buttons Trial
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\PRMT6
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\Fichiers communs\PROject MT
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\clement\Application Data\PROject MT
    2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\PROject MT
    2008-03-13 23:57 . 2008-03-13 23:57 <REP> d-------- D:\Program Files\ThiWeb Live 2
    2008-03-13 23:44 . 2008-03-13 23:44 <REP> d-------- D:\Program Files\Antadis
    2008-03-13 15:36 . 2008-03-13 15:36 <REP> d-------- D:\Program Files\Pierre Le Muzic - Editeur Fichier CSS
    2008-03-13 09:51 . 2008-03-13 09:51 <REP> d-------- D:\Program Files\directx
    2008-03-13 09:46 . 2008-03-13 09:46 <REP> d-------- D:\Program Files\Micro Application
    2008-03-13 09:46 . 2008-03-13 09:46 40 --a------ D:\WINDOWS\NAVIGMA.INI
    2008-03-11 09:54 . 2008-03-11 10:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-09 19:26 . 2008-03-09 19:26 <REP> d-------- D:\Program Files\innotek VirtualBox
    2008-03-09 16:43 . 2008-03-09 16:50 <REP> d-------- D:\Program Files\MSN Spy 2004
    2008-03-09 07:31 . 2008-04-07 15:08 54,156 --ah----- D:\WINDOWS\QTFont.qfn
    2008-03-09 07:31 . 2008-03-09 07:31 1,409 --a------ D:\WINDOWS\QTFont.for
    2008-03-08 17:58 . 2008-03-08 17:58 <REP> d-------- D:\_OTMoveIt
    2008-03-08 07:18 . 2008-03-09 07:45 <REP> d-------- D:\WINDOWS\BDOSCAN8
    2008-03-07 17:12 . 2008-03-09 19:03 <REP> d-------- D:\Program Files\Navilog1
    2008-03-07 16:13 . 2008-03-07 16:13 <REP> d-------- D:\Program Files\Trend Micro
    2008-03-07 15:40 . 2008-03-07 16:04 <REP> d-------- D:\Program Files\Lopxp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-07 13:08 --------- d-----w D:\Program Files\ManyCam 2.1
    2008-04-07 13:00 --------- d-----w D:\Program Files\FlashGet
    2008-04-06 23:03 --------- d-----w D:\Program Files\DynDNS Updater
    2008-04-06 14:26 --------- d-----w D:\Program Files\AxBx
    2008-04-06 13:18 --------- d-----w D:\Documents and Settings\clement\Application Data\FileZilla
    2008-03-29 17:45 1,146,232 ----a-w D:\WINDOWS\system32\aswBoot.exe
    2008-03-29 17:35 94,544 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-29 17:29 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-29 17:27 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-29 17:26 26,944 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-29 17:23 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
    2008-03-29 04:38 --------- d-----w D:\Documents and Settings\clement\Application Data\teamspeak2
    2008-03-28 17:23 --------- d-----w D:\Program Files\eChanblard
    2008-03-26 16:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-03-26 10:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-26 00:51 --------- d-----w D:\Program Files\Google
    2008-03-23 20:26 --------- d-----w D:\Program Files\Messenger Plus! Live
    2008-03-23 18:39 1,122,304 ---h--w D:\WINDOWS\system32\wodfamop.dll
    2008-03-13 19:47 --------- d-----w D:\Program Files\Java
    2008-03-07 08:16 --------- d-----w D:\Program Files\SUPERAntiSpyware
    2008-03-07 08:16 --------- d-----w D:\Documents and Settings\clement\Application Data\SUPERAntiSpyware.com
    2008-03-06 10:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-03-05 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-03-05 13:21 --------- d-----w D:\Program Files\Opera
    2008-03-04 09:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\HP
    2008-03-04 09:23 --------- d-----w D:\Program Files\Fichiers communs\HP
    2008-03-04 09:22 --------- d-----w D:\Program Files\HP
    2008-03-04 09:22 --------- d-----w D:\Program Files\Hewlett-Packard
    2008-03-04 09:21 --------- d-----w D:\Program Files\Fichiers communs\Hewlett-Packard
    2008-03-04 03:22 --------- d-----w D:\Program Files\ISO Commander
    2008-03-02 01:29 --------- d-----w D:\Program Files\Fichiers communs\Macromedia
    2008-03-02 01:28 --------- d-----w D:\Program Files\Macromedia
    2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Webcammax
    2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Nero
    2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Grisoft
    2008-03-01 08:58 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Grisoft
    2008-02-27 22:14 --------- d-----w D:\Documents and Settings\clement\Application Data\dvdcss
    2008-02-27 16:17 --------- d-----w D:\Program Files\ABC Amber XML Converter
    2008-02-26 03:26 --------- d-----w D:\Program Files\CCleaner
    2008-02-26 03:22 --------- d-----w D:\Program Files\Morpheus
    2008-02-25 22:51 --------- d-----w D:\Program Files\Paltalk Messenger
    2008-02-25 22:51 --------- d-----w D:\Documents and Settings\clement\Application Data\Paltalk
    2008-02-25 17:09 --------- d-----w D:\Documents and Settings\clement\Application Data\LimeWire
    2008-02-25 03:08 --------- d-----w D:\Documents and Settings\clement\Application Data\blaxxun interactive
    2008-02-25 03:03 --------- d-----w D:\Program Files\AskPBar
    2008-02-24 00:07 --------- d-----w D:\Program Files\WebcamMax
    2008-02-23 15:11 --------- d-----w D:\Documents and Settings\clement\Application Data\OtakuSoftware
    2008-02-22 21:46 --------- d-----w D:\Program Files\Fichiers communs\DVDVideoSoft
    2008-02-22 21:46 --------- d-----w D:\Program Files\DVDVideoSoft
    2008-02-22 21:45 --------- d-----w D:\Program Files\OneStopSoft.com
    2008-02-22 21:34 --------- d-----w D:\Program Files\MAGIX
    2008-02-22 21:34 --------- d-----w D:\Documents and Settings\clement\Application Data\MAGIX
    2008-02-22 21:33 --------- d-----w D:\Program Files\Fichiers communs\MAGIX Shared
    2008-02-22 21:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\MAGIX
    2008-02-20 19:17 40,928 ----a-w D:\WINDOWS\system32\drivers\VBoxDrv.sys
    2008-02-20 19:17 27,776 ----a-w D:\WINDOWS\system32\drivers\VBoxUSBMon.sys
    2008-02-20 08:18 --------- d-----w D:\Program Files\CommentCaMarche
    2008-02-14 22:03 --------- d-----w D:\Documents and Settings\clement\Application Data\eXPert PDF Editor
    2008-02-14 21:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF 5
    2008-02-14 21:48 --------- d-----w D:\Program Files\Fichiers communs\Nero
    2008-02-14 21:48 --------- d-----w D:\Documents and Settings\clement\Application Data\Nero
    2008-02-14 21:47 --------- d-----w D:\Program Files\Nero
    2008-02-14 21:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
    2008-02-14 21:40 --------- d-----w D:\Program Files\Visagesoft
    2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
    2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF
    2008-02-14 21:37 --------- d-----w D:\Program Files\MOVAVI
    2008-02-14 21:37 --------- d-----w D:\Program Files\ConvertMovie 5.0
    2008-02-14 00:49 --------- d-----w D:\Documents and Settings\clement\Application Data\Dev-Cpp
    2008-02-13 17:34 --------- d-----w D:\Program Files\PhotoFiltre
    2008-02-13 13:36 13 ---h--w D:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
    2008-02-13 13:36 --------- d-----w D:\Program Files\CoffeeCup Software
    2008-02-13 12:38 --------- d-----w D:\Program Files\Microsoft Visual Studio .NET
    2008-02-13 12:38 --------- d-----w D:\Program Files\Gdot
    2008-02-13 12:38 --------- d-----w D:\Program Files\Fichiers communs\Crystal Decisions
    2008-02-13 07:42 --------- d-----w D:\Program Files\Alwil Software
    2008-02-12 22:56 --------- d-----w D:\Program Files\PDFCreator
    2008-02-12 19:20 --------- d-----w D:\Program Files\PDFapps Convert PDF to HTML 2.0
    2008-02-12 13:19 --------- d-----w D:\Documents and Settings\clement\Application Data\Nvu
    2008-02-11 20:52 --------- d-----w D:\Program Files\LimeWire
    2008-02-11 02:00 --------- d-----w D:\Program Files\MSXML 4.0
    2008-02-10 22:19 3,452 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
    2008-02-10 22:18 --------- d-----w D:\Documents and Settings\clement\Application Data\Corel
    2008-02-10 18:21 --------- d-----w D:\Program Files\iTunes
    2008-02-10 18:21 --------- d-----w D:\Program Files\iPod
    2008-02-10 18:21 --------- d-----w D:\Program Files\Bonjour
    2008-02-10 18:21 --------- d-----w D:\Documents and Settings\clement\Application Data\Apple Computer
    2008-02-10 18:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-02-10 18:20 --------- d-----w D:\Program Files\QuickTime
    2008-02-10 18:19 --------- d-----w D:\Program Files\Apple Software Update
    2008-02-10 18:18 --------- d-----w D:\Program Files\Fichiers communs\Apple
    2008-02-10 18:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
    2008-02-10 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Corel
    2008-02-10 11:02 --------- d-----w D:\Program Files\Fichiers communs\Corel
    2008-02-10 11:02 --------- d-----w D:\Program Files\Corel
    2008-02-09 03:32 --------- d-----w D:\Program Files\Teleport Pro
    2008-02-09 02:00 --------- d-----w D:\Program Files\MSXML 6.0
    2008-02-08 19:36 --------- d-----w D:\Program Files\WinHTTrack
    2008-02-08 19:30 --------- d-----w D:\Program Files\MorpheusBar
    2008-02-08 12:33 --------- d-----w D:\Program Files\ParallelGraphics
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
    2007-10-24 16:27 1918936 --a------ D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-8287-79A187E26987}"= "D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 16:27 1918936]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
    [HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-8287-79A187E26987}"= D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 16:27 1918936]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
    [HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 16:03 5724184]
    "ManyCam"="D:\Program Files\ManyCam 2.1\ManyCam.exe" [2007-08-20 12:44 1515520]
    "LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "WebcamMaxMoniter"="D:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
    "vspdfprsrv.exe"="D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 20:58 966656]
    "TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 14:58 90112]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
    "SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
    "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-02-10 19:59 385024]
    "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
    "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
    "NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
    "LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
    "LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
    "LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
    "JMB36X IDE Setup"="D:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
    "iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
    "Flashget"="D:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
    "avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
    "Autoconfigurateur WiFi Neuf"="D:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
    "36X Raid Configurer"="D:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
    "HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
    "DWQueuedReporting"="D:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
    "msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 16:03 5724184]

    D:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma.lnk - D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
    Raccourci (2) vers chatserv.lnk - C:\chatserv4\chatserv.exe [2007-12-30 12:36:29 1855526]
    Raccourci (3) vers chatserv.lnk - C:\chatserv9\chatserv.exe [2007-12-30 12:36:39 1855526]
    Raccourci vers chatserv.lnk - C:\chatserv6\chatserv.exe [2007-12-30 12:36:34 1855526]
    Raccourci vers chatserv5.lnk - C:\chatserv_bleu\chatserv.exe [2008-02-20 14:49:16 1855526]
    TribalWeb.lnk - D:\Program Files\TribalWeb\tribalweb.exe [2008-03-22 00:20:37 1077248]

    D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
    HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
    Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 02:50:34 124400]
    WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= lvcodec2.dll
    "MSVideo"= vfwwdm32.dll
    "MSVideo8"= VfWWDM32.dll
    "vidc.tscc"= tsccvid.dll
    "vidc.LEAD"= LCODCCMP.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\chatserv9\\chatserv.exe"=
    "C:\\chatserv4\\chatserv.exe"=
    "C:\\chatserv2\\chatserv.exe"=
    "C:\\chat.scania\\chat.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
    "C:\\chatserv6\\chatserv.exe"=
    "D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "D:\\chat.scan\\chat.exe"=
    "D:\\chat.scania\\chat.exe"=
    "D:\\Program Files\\eChanblard\\emule.exe"=
    "D:\\Program Files\\Morpheus\\Morpheus.exe"=
    "D:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
    "D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "D:\\Program Files\\iTunes\\iTunes.exe"=
    "D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
    "D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"=
    "C:\\chatserv_bleu\\chatserv.exe"=
    "D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
    "D:\\chatserv\\chatserv.exe"=
    "D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
    "D:\\Program Files\\TribalWeb\\tribalweb.exe"=
    "D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"=
    "D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
    "D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
    "D:\\WINDOWS\\system32\\%%%.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7890:TCP"= 7890:TCP:e3
    "7890:UDP"= 7890:UDP:e4

    R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
    R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;D:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]
    R3 PCASp50;PCASp50 NDIS Protocol Driver;D:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
    R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 16:30]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
    S3 SjyPkt;SjyPkt;D:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 05:39]
    S3 VBoxTAP;VirtualBox TAP Adapter;D:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-09-03 18:19]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa35ab71-c10a-11dc-8d72-806d6172696f}]
    \Shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a2d3a6-c126-11dc-97b0-00146c722b84}]
    \Shell\AutoRun\command - setupSNK.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-04-02 20:08:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-07 05:43:19 D:\WINDOWS\Tasks\User_Feed_Synchronization-{25E3F2BE-EC8D-4DBB-AF4F-599536C5B7CB}.job"
    - D:\WINDOWS\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-07 15:15:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-07 15:17:28
    ComboFix-quarantined-files.txt 2008-04-07 13:17:26
    ComboFix2.txt 2008-04-07 12:38:03
    ComboFix3.txt 2008-04-07 12:34:08
    ComboFix4.txt 2008-03-08 15:50:59
    ComboFix5.txt 2008-03-08 09:38:01
    Pre-Run: 104,544,759,808 octets libres
    Post-Run: 104,530,518,016 octets libres
    .
    2008-03-12 07:03:31 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:24:05, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\PSIService.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\Program Files\WebcamMax\wcmmon.exe
    D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
    D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    D:\Program Files\Analog Devices\Core\smax4pnp.exe
    D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\WINDOWS\system32\LVCOMSX.EXE
    D:\Program Files\Logitech\Video\LogiTray.exe
    D:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\FlashGet\FlashGet.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    D:\Program Files\ManyCam 2.1\ManyCam.exe
    D:\Program Files\Logitech\Video\FxSvr2.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    D:\Program Files\WinZip\WZQKPICK.EXE
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\chatserv4\chatserv.exe
    C:\chatserv9\chatserv.exe
    C:\chatserv6\chatserv.exe
    C:\chatserv_bleu\chatserv.exe
    D:\Program Files\TribalWeb\tribalweb.exe
    D:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
    O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
    O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
    O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
    O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
    O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
    O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
    O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
    O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
    0
  • 1
  • 2