System Alert
Solved
AshleySam (Posts: 135, Status: Member)
g!rly (Posts: 18462, Status: Contributor)
Hello,
I have had a "System Alert" message appearing all the time for 2 days. There is a white cross in a red circle at the bottom of the screen, and sometimes 3 programs appear on my desktop and the wallpaper changes by itself.
Can you help me?
PS: I found some answers on the forum, but when I apply the options it says to ask a professional's advice because every problem is different, so I am asking you.
9 replies
Hi,
Please post a HijackThis report.
Download HijackThis here:
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installation tutorial: (Thanks to Balltrap34 for making this)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Usage tutorial (video): (Thanks to Balltrap34 for making this)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Please post the generated report here...
See you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:42, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\AOL\1207504784\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Media - {566C6071-FBB6-490C-A333-E489DDE9424D} - C:\WINDOWS\temlxopqrxg.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: vnbptxlf - {4126A715-7157-459A-BE7F-D19C9770E169} - C:\WINDOWS\vnbptxlf.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1207504784\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-836209080-1763190458-1314662409-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Brigitte')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O17 - HKLM\System\CCS\Services\Tcpip\..\{120F0465-EA91-4A41-BFFD-DB92C7134485}: NameServer = 205.188.146.145
O17 - HKLM\System\CS3\Services\Tcpip\..\{120F0465-EA91-4A41-BFFD-DB92C7134485}: NameServer = 205.188.146.145
O21 - SSODL: WinCD - {2fa055ed-fe0b-471f-bdf6-04637515eb9e} - C:\WINDOWS\Resources\WinCD.dll
O21 - SSODL: mgsvflkw - {941D0DEA-6F65-42CE-8D63-51F14D9A02DF} - C:\WINDOWS\mgsvflkw.dll (file missing)
O21 - SSODL: qdnkewfa - {7860EDD8-E261-450B-A9F7-23928D94FFFF} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Hi, run this:
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts scanning the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\scan; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt)
-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
+ a new HijackThis report, please
See you
ComboFix 08-04-09.8 - Amélie 2008-04-10 11:48:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.514 [GMT 2:00]
Endroit: D:\Documents and Settings\Amélie.115201340319\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
D:\Documents and Settings\Adeline.115201340319\Bureaublackbird.jpg
D:\Documents and Settings\Adeline.115201340319\BureauEditorFKWP1.5.exe
D:\Documents and Settings\Adeline.115201340319\BureauEditorFKWP2.0.exe
D:\Documents and Settings\Adeline.115201340319\Bureaufilemanagerclient.exe
D:\Documents and Settings\Adeline.115201340319\Bureaufkwp1.5.exe
D:\Documents and Settings\Adeline.115201340319\Bureaufkwp2.0.exe
D:\Documents and Settings\Adeline.115201340319\Bureaufwebd.exe
D:\Documents and Settings\Adeline.115201340319\BureauFWebdEditor.exe
D:\Documents and Settings\Adeline.115201340319\BureauTrojan.Win32.BlackBird.exe
D:\Documents and Settings\Adeline.115201340319\Bureauvirii
D:\Documents and Settings\Amélie.115201340319\Bureaublackbird.jpg
D:\Documents and Settings\Amélie.115201340319\BureauEditorFKWP1.5.exe
D:\Documents and Settings\Amélie.115201340319\BureauEditorFKWP2.0.exe
D:\Documents and Settings\Amélie.115201340319\Bureaufilemanagerclient.exe
D:\Documents and Settings\Amélie.115201340319\Bureaufkwp1.5.exe
D:\Documents and Settings\Amélie.115201340319\Bureaufkwp2.0.exe
D:\Documents and Settings\Amélie.115201340319\Bureaufwebd.exe
D:\Documents and Settings\Amélie.115201340319\BureauFWebdEditor.exe
D:\Documents and Settings\Amélie.115201340319\BureauTrojan.Win32.BlackBird.exe
D:\Documents and Settings\Amélie.115201340319\Bureauvirii
D:\Documents and Settings\Amélie.115201340319\Favoris\Error Cleaner.url
D:\Documents and Settings\Amélie.115201340319\Favoris\Privacy Protector.url
D:\Documents and Settings\Amélie.115201340319\Favoris\Spyware&Malware Protection.url
D:\Documents and Settings\Amélie.vouin\Application Data\FunWebProducts
D:\Documents and Settings\Amélie.vouin\Application Data\FunWebProducts\Data\Amélie\avatar.dat
D:\Documents and Settings\Amélie.vouin\Application Data\FunWebProducts\Data\Amélie\zbucks.dat
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport\cs\Config.xml
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport\cs\db\Aliases.dbs
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport\cs\db\Sites.dbs
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport\cs\report\aggr_storage.xml
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport\cs\report\send_storage.xml
D:\Documents and Settings\Amélie.vouin\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
D:\Documents and Settings\Amélie.vouin\Local Settings\Application Data\fqwvjmtwq.dat
D:\Documents and Settings\Amélie.vouin\Local Settings\Application Data\fqwvjmtwq.exe
D:\Documents and Settings\Amélie.vouin\Local Settings\Application Data\fqwvjmtwq_nav.dat
D:\Documents and Settings\Amélie.vouin\Local Settings\Application Data\fqwvjmtwq_navps.dat
D:\Documents and Settings\Amélie\Application Data\tmp1A5.tmp.exe
D:\Documents and Settings\Amélie\Application Data\tmp4402.tmp.exe
D:\Documents and Settings\Amélie\Local Settings\Application Data\xsqmppz.dat
D:\Documents and Settings\Amélie\Local Settings\Application Data\xsqmppz_nav.dat
D:\Documents and Settings\Amélie\Local Settings\Application Data\xsqmppz_navps.dat
D:\Documents and Settings\Anaïs\Application Data\ShoppingReport
D:\Documents and Settings\Anaïs\Application Data\ShoppingReport\cs\persist.dbs
D:\Documents and Settings\Brigitte.115201340319\Bureau\Error Cleaner.url
D:\Documents and Settings\Brigitte.115201340319\Bureau\Privacy Protector.url
D:\Documents and Settings\Brigitte.115201340319\Bureau\Spyware&Malware Protection.url
D:\Documents and Settings\Brigitte.115201340319\Bureaublackbird.jpg
D:\Documents and Settings\Brigitte.115201340319\BureauEditorFKWP1.5.exe
D:\Documents and Settings\Brigitte.115201340319\BureauEditorFKWP2.0.exe
D:\Documents and Settings\Brigitte.115201340319\Bureaufilemanagerclient.exe
D:\Documents and Settings\Brigitte.115201340319\Bureaufkwp1.5.exe
D:\Documents and Settings\Brigitte.115201340319\Bureaufkwp2.0.exe
D:\Documents and Settings\Brigitte.115201340319\Bureaufwebd.exe
D:\Documents and Settings\Brigitte.115201340319\BureauFWebdEditor.exe
D:\Documents and Settings\Brigitte.115201340319\BureauTrojan.Win32.BlackBird.exe
D:\Documents and Settings\Brigitte.115201340319\Bureauvirii
D:\Documents and Settings\Brigitte.115201340319\Favoris\Error Cleaner.url
D:\Documents and Settings\Brigitte.115201340319\Favoris\Privacy Protector.url
D:\Documents and Settings\Brigitte.115201340319\Favoris\Spyware&Malware Protection.url
D:\Documents and Settings\Brigitte\Application Data\macromedia\Flash Player\#SharedObjects\JYUTUYAN\www.broadcaster.com
D:\Documents and Settings\Brigitte\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
D:\Documents and Settings\Brigitte\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\Config.xml
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\db\Aliases.dbs
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\db\Sites.dbs
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\persist.dbs
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\report\aggr_storage.xml
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\report\send_storage.xml
D:\Documents and Settings\Brigitte\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
D:\Documents and Settings\Brigitte\Application Data\tmp154.tmp.exe
D:\Documents and Settings\Brigitte\Application Data\tmp38B6.tmp.exe
D:\Documents and Settings\Ilia\Application Data\ShoppingReport
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\Config.xml
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\db\Aliases.dbs
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\db\Sites.dbs
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\persist.dbs
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\report\send_storage.xml
D:\Documents and Settings\Ilia\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.
2008-04-10 11:38 . 2008-04-10 11:38 <REP> d-------- C:\Hija
2008-04-10 11:35 . 2008-04-10 11:35 <REP> d-------- C:\Program Files\Trend Micro
2008-04-10 10:36 . 2008-04-10 10:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-10 10:36 . 2008-04-10 10:36 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-10 10:26 . 2008-04-10 11:50 <REP> d-------- D:\Documents and Settings\Brigitte.115201340319\Contacts
2008-04-10 08:40 . 2008-04-10 08:40 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-04-10 08:39 . 2008-04-10 08:50 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-10 08:38 . 2008-04-10 08:38 <REP> d-------- D:\Documents and Settings\Brigitte.115201340319\Application Data\Grisoft
2008-04-09 19:59 . 2008-04-09 19:59 <REP> d-------- D:\Documents and Settings\Adeline.115201340319\Application Data\Grisoft
2008-04-09 19:59 . 2008-04-09 19:59 <REP> d-------- D:\Documents and Settings\Adeline.115201340319\Application Data\AOL
2008-04-09 19:58 . 2008-04-09 19:58 102,400 --a------ C:\WINDOWS\system32\potuvczi.exe
2008-04-09 19:57 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Adeline.115201340319\Voisinage réseau
2008-04-09 19:57 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Adeline.115201340319\Voisinage d'impression
2008-04-09 19:57 . 2008-04-05 00:11 <REP> d--h----- D:\Documents and Settings\Adeline.115201340319\Modèles
2008-04-09 19:57 . 2008-04-09 19:58 <REP> dr------- D:\Documents and Settings\Adeline.115201340319\Mes documents
2008-04-09 19:57 . 2008-04-05 00:11 <REP> dr------- D:\Documents and Settings\Adeline.115201340319\Menu Démarrer
2008-04-09 19:57 . 2008-04-09 19:58 <REP> dr------- D:\Documents and Settings\Adeline.115201340319\Favoris
2008-04-09 19:57 . 2008-04-09 19:58 <REP> dr------- D:\Documents and Settings\Adeline.115201340319\Bureau
2008-04-09 19:57 . 2008-04-05 00:11 <REP> d-------- D:\Documents and Settings\Adeline.115201340319\Application Data\You've Got Pictures Screensaver
2008-04-09 19:57 . 2006-03-16 13:22 <REP> d-------- D:\Documents and Settings\Adeline.115201340319\Application Data\Symantec
2008-04-09 19:31 . 2008-04-10 11:23 <REP> d-------- C:\Program Files\Navilog1
2008-04-09 18:48 . 2008-04-09 18:53 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\ma-config.com
2008-04-09 18:48 . 2008-04-09 18:48 <REP> d-------- C:\Program Files\ma-config.com
2008-04-09 15:48 . 2008-04-09 15:48 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\Grisoft
2008-04-09 15:48 . 2008-04-09 15:48 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-09 15:48 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-09 13:21 . 2008-04-09 13:21 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-09 12:57 . 2008-04-09 12:57 <REP> d-------- C:\Program Files\Yahoo!
2008-04-09 12:57 . 2008-04-09 12:58 <REP> d-------- C:\Program Files\CCleaner
2008-04-08 21:20 . 2008-04-08 21:20 244 --ah----- C:\sqmnoopt00.sqm
2008-04-08 21:20 . 2008-04-08 21:20 232 --ah----- C:\sqmdata00.sqm
2008-04-08 21:17 . 2008-04-08 21:17 <REP> d-------- D:\Documents and Settings\Brigitte.115201340319\Application Data\TmpRecentIcons
2008-04-08 19:31 . 2008-04-09 13:00 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\TmpRecentIcons
2008-04-08 17:02 . 2008-04-10 08:40 <REP> d-------- D:\Documents and Settings\All Users\Application Data\fejansjm
2008-04-08 16:39 . 2008-04-09 14:53 <REP> d-------- C:\Program Files\7-Zip
2008-04-08 15:54 . 2008-04-08 15:54 <REP> d-------- C:\Program Files\LG Electronics
2008-04-08 15:53 . 2008-04-08 15:53 <REP> d-------- C:\Program Files\LGGSM
2008-04-08 15:53 . 2005-09-05 11:33 81,920 -ra------ C:\WINDOWS\system32\srctrl.dll
2008-04-08 13:17 . 2008-04-08 13:17 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\Media Player Classic
2008-04-08 13:01 . 2008-04-08 13:01 <REP> d-------- C:\Program Files\GamesBar
2008-04-08 13:01 . 2008-04-08 13:16 <REP> d-------- C:\Program Files\Gamenext
2008-04-08 10:31 . 2008-04-08 10:32 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2008-04-08 10:31 . 2008-04-08 10:31 45 ---h----- C:\WINDOWS\dhdd2691.dat
2008-04-07 18:48 . 2008-04-07 18:48 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-04-07 18:43 . 2008-04-07 18:43 <REP> d-------- C:\Program Files\Hewlett-Packard
2008-04-07 18:40 . 2008-04-07 18:40 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-04-07 17:53 . 2008-04-07 17:53 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\HP
2008-04-07 17:53 . 2008-04-07 18:59 113,493 --a------ C:\WINDOWS\hpoins07.dat
2008-04-07 17:53 . 2005-05-24 08:50 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-04-06 21:03 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-04-06 21:03 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-04-06 21:03 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-04-06 21:03 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-04-06 21:03 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-04-06 21:03 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-04-06 21:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-06 21:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-06 21:00 . 2008-04-07 18:48 <REP> d-------- C:\Program Files\HP
2008-04-06 20:57 . 2008-04-06 20:57 <REP> d-------- D:\Documents and Settings\Brigitte.115201340319\Application Data\HP
2008-04-06 20:00 . 2003-08-27 10:29 65,536 --a------ C:\WINDOWS\wanmpsvc.exe
2008-04-06 18:24 . 2001-08-17 22:00 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2008-04-06 18:24 . 2001-08-17 22:00 2,944 --a------ C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-04-06 17:40 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-06 17:25 . 2008-04-06 17:25 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-06 17:19 . 2008-04-06 17:19 <REP> d-------- C:\Program Files\MSBuild
2008-04-06 17:02 . 2008-04-06 17:23 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-06 17:00 . 2008-04-06 17:00 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-06 16:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-06 16:55 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-06 16:55 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-06 16:55 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-06 16:54 . 2008-04-06 16:54 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-06 16:50 . 2008-04-06 16:50 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-06 16:50 . 2008-04-06 16:52 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-06 16:33 . 2005-01-28 13:44 224,768 --a------ C:\WINDOWS\system32\setb1.tmp
2008-04-06 16:32 . 2005-01-28 13:44 396,528 --a------ C:\WINDOWS\system32\setb0.tmp
2008-04-06 13:04 . 2008-04-06 13:04 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\TheScruffs
2008-04-06 13:03 . 2008-04-06 13:03 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\Zylom
2008-04-06 13:03 . 2008-04-06 13:03 <REP> d--hs---- C:\WINDOWS\ftpcache
2008-04-06 12:21 . 2008-04-06 17:32 <REP> d-------- C:\Program Files\Zylom Games
2008-04-06 12:15 . 2008-04-06 12:17 <REP> d-------- C:\Program Files\Windows Live
2008-04-06 12:15 . 2008-04-06 12:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-06 10:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-06 10:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-06 10:24 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-05 19:27 . 2008-04-05 19:28 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Contacts
2008-04-05 19:27 . 2008-04-05 19:28 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Contacts
2008-04-05 19:27 . 2008-04-05 19:27 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-04-05 19:26 . 2008-04-09 12:55 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-04-05 19:25 . 2008-04-06 12:17 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-05 18:41 . 2008-04-05 18:41 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\MSNInstaller
2008-04-05 09:43 . 2008-04-06 18:39 <REP> d-------- D:\Documents and Settings\Amélie.115201340319\Application Data\AdobeUM
2008-04-05 08:42 . 2008-04-05 08:42 <REP> d-------- D:\Documents and Settings\Brigitte.115201340319\Application Data\AOL
2008-04-05 08:41 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Brigitte.115201340319\Voisinage réseau
2008-04-05 08:41 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Brigitte.115201340319\Voisinage d'impression
2008-04-05 08:41 . 2008-04-05 00:11 <REP> d--h----- D:\Documents and Settings\Brigitte.115201340319\Modèles
2008-04-05 08:41 . 2008-04-10 10:26 <REP> dr------- D:\Documents and Settings\Brigitte.115201340319\Mes documents
2008-04-05 08:41 . 2008-04-05 00:11 <REP> dr------- D:\Documents and Settings\Brigitte.115201340319\Menu Démarrer
2008-04-05 08:41 . 2008-04-10 11:53 <REP> dr------- D:\Documents and Settings\Brigitte.115201340319\Favoris
2008-04-05 08:41 . 2008-04-10 11:53 <REP> dr------- D:\Documents and Settings\Brigitte.115201340319\Bureau
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 09:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-04-08 14:47 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-04-08 13:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 18:06 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-04-06 15:40 --------- d-----w C:\Program Files\Java
2008-04-06 10:15 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-05 07:12 0 ----a-w C:\Program Files\temp01
2008-04-04 22:08 --------- d-----w C:\Program Files\ShowTime
2008-04-04 22:07 --------- d-----w C:\Program Files\Services en ligne
2008-04-04 22:06 --------- d-----w C:\Program Files\QuickTime
2008-04-04 15:09 --------- d-----w C:\Program Files\AOL Compagnon
2008-04-04 15:00 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-04-04 14:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2008-04-04 14:44 --------- d-----w C:\Program Files\AOL 9.0
2008-04-01 15:13 --------- d-----w D:\Documents and Settings\Amélie.vouin\Application Data\PlayFirst
2008-04-01 15:13 --------- d-----w D:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-27 13:20 --------- d-----w D:\Documents and Settings\Amélie.vouin\Application Data\Zylom
2008-03-25 15:04 --------- d-----w D:\Documents and Settings\Amélie.vouin\Application Data\GameHouse
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-06 19:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-06 19:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-06 19:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-03 19:59 --------- d-----w D:\Documents and Settings\Brigitte.vouin\Application Data\Corel
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-28 14:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-02-25 17:56 --------- d-----w D:\Documents and Settings\Amélie.vouin\Application Data\Fuzzy Games
2008-02-22 10:52 --------- d-----w D:\Documents and Settings\Bruno.vouin\Application Data\Talkback
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 15:28 --------- d-----w D:\Documents and Settings\Adeline\Application Data\Corel
2008-02-15 08:36 --------- d-----w D:\Documents and Settings\Amélie.vouin\Application Data\iWinArcade
2008-02-15 08:35 --------- d-----w D:\Documents and Settings\All Users\Application Data\iWin Games
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-09-20 11:11 5,072 ----a-w D:\Documents and Settings\Anaïs\Singles2Patch_1_2.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{566C6071-FBB6-490C-A333-E489DDE9424D}]
C:\WINDOWS\temlxopqrxg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 21:51 316784 --a------ C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-04 17:32 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]
"{4126A715-7157-459A-BE7F-D19C9770E169}"= "C:\WINDOWS\vnbptxlf.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CLASSES_ROOT\clsid\{4126a715-7157-459a-be7f-d19c9770e169}]
[HKEY_CLASSES_ROOT\vnbptxlf.1]
[HKEY_CLASSES_ROOT\TypeLib\{CF66D2CE-E013-450D-939C-A1C12375A840}]
[HKEY_CLASSES_ROOT\vnbptxlf]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 09:18 307200]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 17:35 7110656]
"nwiz"="nwiz.exe" [2005-08-02 17:35 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 17:35 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" []
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 14:03 310272]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 12:39 73728]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 12:01 70952]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-08-24 23:07 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-16 20:26 180269]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1207504784\ee\AOLSoftware.exe" [2006-09-26 02:52 50736]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-16 20:21 98304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
D:\Documents and Settings\Brigitte\Menu D‚marrer\Programmes\D‚marrage\
OFFICE One 6.5.lnk - D:\OFFICE One6.5\user\program\quickstart.exe [2004-03-08 07:00:00 36864]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
AOL 9.0 Ic“ne AOL.lnk - C:\Program Files\AOL 9.0a\aoltray.exe [2008-04-04 16:59:43 156784]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinCD"= {2fa055ed-fe0b-471f-bdf6-04637515eb9e} - C:\WINDOWS\Resources\WinCD.dll [2008-04-08 17:01 12330]
"mgsvflkw"= {941D0DEA-6F65-42CE-8D63-51F14D9A02DF} - C:\WINDOWS\mgsvflkw.dll [ ]
"qdnkewfa"= {7860EDD8-E261-450B-A9F7-23928D94FFFF} - C:\WINDOWS\qdnkewfa.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AOL 9.0a\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\1207504784\\ee\\aolsoftware.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
*Newly Created Service* - ATWPKT2
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-10 09:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2008-04-10 09:30:00 C:\WINDOWS\Tasks\Extension de garantie.job"
- C:\APPS\SMP\PBCARNOT.EXE
"2008-04-10 09:30:00 C:\WINDOWS\Tasks\Master CD_DVD Creator.job"
- C:\Apps\SMP\MCDCHECK.EXE
"2008-04-07 18:55:10 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Amélie.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-04-04 14:27:54 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-04 14:27:54 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-04-10 09:13:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 11:54:36
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe?in.exe????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Resources\WinCD.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\Resources\WinCD.dll
.
Temps d'accomplissement: 2008-04-10 11:56:37
ComboFix-quarantined-files.txt 2008-04-10 09:56:14
Pre-Run: 21,180,604,416 octets libres
Post-Run: 21,162,663,936 octets libres
.
2008-04-10 06:51:01 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:35, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\AOL\1207504784\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\sol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Media - {566C6071-FBB6-490C-A333-E489DDE9424D} - C:\WINDOWS\temlxopqrxg.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: vnbptxlf - {4126A715-7157-459A-BE7F-D19C9770E169} - C:\WINDOWS\vnbptxlf.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1207504784\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-836209080-1763190458-1314662409-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Brigitte')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O21 - SSODL: WinCD - {2fa055ed-fe0b-471f-bdf6-04637515eb9e} - C:\WINDOWS\Resources\WinCD.dll
O21 - SSODL: mgsvflkw - {941D0DEA-6F65-42CE-8D63-51F14D9A02DF} - C:\WINDOWS\mgsvflkw.dll (file missing)
O21 - SSODL: qdnkewfa - {7860EDD8-E261-450B-A9F7-23928D94FFFF} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ok
Is Norton actually active? It looks to me as if it is hibernating?!
Using HijackThis, check and fix the following lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O2 - BHO: DVA Media - {566C6071-FBB6-490C-A333-E489DDE9424D} - C:\WINDOWS\temlxopqrxg.dll (file missing)
O3 - Toolbar: vnbptxlf - {4126A715-7157-459A-BE7F-D19C9770E169} - C:\WINDOWS\vnbptxlf.dll (file missing)
O21 - SSODL: mgsvflkw - {941D0DEA-6F65-42CE-8D63-51F14D9A02DF} - C:\WINDOWS\mgsvflkw.dll (file missing)
O21 - SSODL: qdnkewfa - {7860EDD8-E261-450B-A9F7-23928D94FFFF} - C:\WINDOWS\qdnkewfa.dll (file missing)
How to fix:
Usage tutorial (video): (Thanks to Balltrap34 for making it)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
then
Your version of Acrobat Reader is not up to date; you want version 8.1, the latest to date, so uninstall your version via Control Panel / Add or Remove Programs
and install the latest one:
https://get2.adobe.com/reader/otherversions/
or forget Acrobat Reader completely and install Foxit, which is lighter, instead:
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
then
Run a scan with this antispyware:
Download Malwarebytes + tutorial:
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the Settings tab and check the box: "Stop Internet Explorer during removal".
Now click the Scan tab and check the box: "Perform a full scan".
Then click "Scan".
Let it scan the PC...
If items were found > click "Remove Selected".
If you are asked to restart > click "yes".
At the end a report will open; save it so that you can find it again in order to post it on the forum.
Copy and paste the report please.
@+
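Added example, not part of the thread and not HijackThis's own code: a Python triage pass over an excerpt of the log posted above, which picks out the same five lines the reply lists for fixing. The two heuristics (an entry ending in `(file missing)`, and an IE start or search page on a host outside an allowlist) and the `ALLOWED_HOSTS` set are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the HijackThis log posted in this thread, plus two non-entry
# lines to show that headers and process paths are skipped.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DVA Media - {566C6071-FBB6-490C-A333-E489DDE9424D} - C:\WINDOWS\temlxopqrxg.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: vnbptxlf - {4126A715-7157-459A-BE7F-D19C9770E169} - C:\WINDOWS\vnbptxlf.dll (file missing)
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O21 - SSODL: WinCD - {2fa055ed-fe0b-471f-bdf6-04637515eb9e} - C:\WINDOWS\Resources\WinCD.dll
O21 - SSODL: mgsvflkw - {941D0DEA-6F65-42CE-8D63-51F14D9A02DF} - C:\WINDOWS\mgsvflkw.dll (file missing)
O21 - SSODL: qdnkewfa - {7860EDD8-E261-450B-A9F7-23928D94FFFF} - C:\WINDOWS\qdnkewfa.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: hosts the analyst accepts as IE start/search pages.
ALLOWED_HOSTS = frozenset({"www.msn.com", "www.bing.com"})


def parse_entries(log_text):
    """Return one dict per log entry; header and process lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        clsid = CLSID_RE.search(match["body"])
        entries.append({
            "section": match["section"],
            "body": match["body"],
            "clsid": clsid.group(0) if clsid else None,
        })
    return entries


def triage(entry, allowed_hosts=ALLOWED_HOSTS):
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    if entry["body"].endswith("(file missing)"):
        reasons.append("registry entry points to a file that no longer exists")
    if entry["section"] in ("R0", "R1") and " = " in entry["body"]:
        value = entry["body"].split(" = ", 1)[1].strip()
        url = urlsplit(value)
        # Local paths and file:// values are left to the analyst.
        if url.scheme in ("http", "https") and url.hostname not in allowed_hosts:
            reasons.append(f"IE page set to non-allowlisted host {url.hostname}")
    return reasons


def flagged(log_text, allowed_hosts=ALLOWED_HOSTS):
    """Return (entry, reasons) pairs for every entry with at least one reason."""
    hits = []
    for entry in parse_entries(log_text):
        reasons = triage(entry, allowed_hosts)
        if reasons:
            hits.append((entry, reasons))
    return hits


if __name__ == "__main__":
    for entry, reasons in flagged(SAMPLE_LOG):
        print(f"{entry['section']:>3}  {entry['clsid'] or '-':38}  {'; '.join(reasons)}")
```

Entries whose file is present, such as the O21 WinCD line, pass both checks; these heuristics only shortlist candidates and do not establish that an unflagged entry is clean.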