Problèmes avec l'ordi, virus?

Résolu
lilangel Messages postés 21 Date d'inscription   Statut Membre -  
 lilangel -
Bonjour,

Depuis quelques mois j'ai des problèmes avec mon ordinateur (pas trop grave) mais depuis plusieurs jours, sa situation empire: il y a beaucoup de sites internet auquels je ne peux pas accéder (hotmail, yahoo, google, laposte, ...), l'ordi et très lent, tous mes logiciels beuguent souvent. Pour y remédier, j'ai téléchargé divers logiciels conseillé (AVG 8.0 Anti-virus, AVG anti-spyware, Ad-Aware 2007) et j'ai fais des scans. Au début ils me trouvaient quelques virus que j'ai fait réparer. Maintenant, même avec des scans complets et lents de tout le disque, ils ne trouvent plus de fichiers infectés. J'ai aussi fait un scan en ligne (kasperky ou quelque chose comme ca) et il ne trouve rien d'anormal non plus. J'ai aussi défragmenté mon ordi en me disant que c'était peut-être à cause de ça la lenteur. je suis passée de 44% défragmenté à 11%. Malgré tout cela mon ordinateur ne va pas mieux. Que me conseillez-vous?

Merci d'avance.

Lilangel
Configuration: Windows XP
Firefox 2.0.0.3

79 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

La discussion porte sur une machine sous Windows XP confrontée à une lenteur générale et à l'impossibilité d'accéder à de nombreux sites web, malgré des scans antivirus. Plusieurs solutions proposées ciblent les infections et les entrées malveillantes, avec des outils comme SDFix ou OTMoveIt2 pour nettoyer le registre, les services et les fichiers suspects. D'autres méthodes évoquent des scans plus approfondis, la désactivation puis la réactivation de la restauration système, et l'intervention via des outils de diagnostic et des rapports détaillés. Une nuance utile est que certains scripts peuvent réapparaître après le redémarrage si des éléments persistent, ce qui justifie une vérification des services et des éléments autorun après nettoyage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Avec Multi Virus Cleaner 2008, je ne trouve aucune infection non plus.
    Aidez moi s'il vous plait!
    0
  2. Utilisateur anonyme
     
    Salut !

    → Télécharge TrendMicro™ HijackThis™

    Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer l'icône ( clique droit > renommer )' Hijackthis.exe 'située dans le dossier dans C:\ , en ' HJT.exe ' <<<<<<<<< Important !!! <<<<<<<

    Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Trend Micro\Hijackthis\HJT.exe

    Ne pas renommer l'icône du raccourci sur le bureau bien entendu ...

    /!\ Ferme toute les fenêtres encore ouvertes , et déconnecte toi du web /!\

    → Puis lance-le et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm

    A+
    0
    1. lilangel Messages postés 21 Date d'inscription   Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:40:45, on 16/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\IPSSVC.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
      C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
      C:\WINDOWS\System32\TPHDEXLG.EXE
      C:\WINDOWS\system32\TpKmpSVC.exe
      C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
      C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
      C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
      C:\WINDOWS\system32\UStorSrv.exe
      C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
      C:\WINDOWS\system32\TpShocks.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Trend Micro\HijackThis\HJT.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Mistral\LOCALS~1\Temp\services.exe
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1cf769ef-d491-496f-ad6d-ceb0bd3786be} - (no file)
      O2 - BHO: (no name) - {3366718F-5DBE-4E95-B8C3-A9103D458C8E} - (no file)
      O2 - BHO: {34dd5d05-696b-ad09-8874-407f2becf583} - {385fceb2-f704-4788-90da-b69650d5dd43} - (no file)
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
      O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
      O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
      O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [BMf750a693] Rundll32.exe "C:\WINDOWS\system32\fwufsury.dll",s
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [JAVA_IBM] Java (IBM)
      O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O15 - Trusted Zone: http://a248.e.akamai.net
      O15 - Trusted Zone: http://*.bitdefender.com
      O15 - Trusted Zone: http://ssl-hints.netflame.cc
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: avgrsstx.dll
      O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
      O20 - Winlogon Notify: fsmvil - fsmvil.dll (file missing)
      O20 - Winlogon Notify: mljihii - mljihii.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
      O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
      O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
      O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
      O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
      O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
      O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
      O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
      O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
      O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
      O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
      0
  3. Utilisateur anonyme
     
    Bonjour à toi aussi ...

    → Télécharge SDFix et sauvegarde le sur ton Bureau.

    → Redémarre en MSE

    Autre tutorials pour MSE :

    https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
    http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

    → Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd ( ou Runthis.bat ) pour lancer le scrïpt.
    → Appuie sur Y pour commencer le processus de nettoyage.
    → Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    → Appuie sur une touche pour redémarrer le PC.
    → Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    → Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    → Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
    → Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    Poste moi le rapport.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    a+
    0
    1. lilangel Messages postés 21 Date d'inscription   Statut Membre
       
      Désolée... Bonjour,

      oki je vais faire ca, merci de m'aider. Je risque d'en avoir pour un moment vu que déjà d'habitude il met 15 min pour s'allumer^^ Je poste ca tout de suite après.

      A+
      0
  4. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Voila c'est fait:

    [b]SDFix: Version 1.171 [/b]
    Run by Mistral on 16/04/2008 at 18:10

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\tmp275.tmp.dll - Deleted
    C:\WINDOWS\system32\real.txt - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 18:44:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 182

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aolsoftware.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"="C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\DOCUME~1\\Mistral\\LOCALS~1\\Temp\\tmp318.tmp.exe"="C:\\DOCUME~1\\Mistral\\LOCALS~1\\Te"
    "C:\\WINDOWS\\system32\\qwerty12.exe"="C:\\WINDOWS\\system32\\qwe"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe:*:Enabled:ThinkVantage System Update"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Sun 13 May 2007 2,840,184 ..SH. --- "C:\WINDOWS\bbdddd.tmp"
    Fri 8 Jun 2007 963,739 ..SH. --- "C:\WINDOWS\defilm.tmp"
    Tue 25 Dec 2007 2,309,891 ..SH. --- "C:\WINDOWS\uttwyb.tmp"
    Tue 25 Jul 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 1 Feb 2008 8,914,432 ...H. --- "C:\Documents and Settings\Mistral\Bureau\~WRL3626.tmp"
    Mon 1 Jan 2007 1,603 ...H. --- "C:\Program Files\Fichiers communs\AOL\IPHSend\IPH.BAK"
    Sat 29 Dec 2007 337,920 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0005.tmp"
    Sun 30 Dec 2007 350,208 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0192.tmp"
    Sun 30 Dec 2007 337,920 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0298.tmp"
    Sun 30 Dec 2007 349,696 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL0411.tmp"
    Sun 30 Dec 2007 349,696 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL1626.tmp"
    Sun 30 Dec 2007 349,184 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL2903.tmp"
    Thu 20 Dec 2007 360,448 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3222.tmp"
    Thu 1 Nov 2007 6,707,200 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3436.tmp"
    Sun 30 Dec 2007 337,920 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3515.tmp"
    Sun 30 Dec 2007 350,208 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL3994.tmp"
    Sun 30 Dec 2007 349,696 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE\~WRL4018.tmp"
    Thu 20 Dec 2007 360,448 A..H. --- "C:\Documents and Settings\Mistral\Bureau\usb\TPE1\~WRL3222.tmp"

    [b]Finished![/b]

    A+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Tu me reposte un rapport Hijackthis stp ?

    ++
    0
    1. lilangel Messages postés 21 Date d'inscription   Statut Membre
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:31:39, on 16/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\IPSSVC.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\WINDOWS\system32\tcpsvcs.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
      C:\WINDOWS\System32\TPHDEXLG.EXE
      C:\WINDOWS\system32\TpKmpSVC.exe
      C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
      C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
      C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
      C:\WINDOWS\system32\UStorSrv.exe
      C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\system32\TpShocks.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Trend Micro\HijackThis\HJT.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1cf769ef-d491-496f-ad6d-ceb0bd3786be} - (no file)
      O2 - BHO: (no name) - {3366718F-5DBE-4E95-B8C3-A9103D458C8E} - (no file)
      O2 - BHO: {34dd5d05-696b-ad09-8874-407f2becf583} - {385fceb2-f704-4788-90da-b69650d5dd43} - (no file)
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
      O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
      O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
      O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [BMf750a693] Rundll32.exe "C:\WINDOWS\system32\fwufsury.dll",s
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [JAVA_IBM] Java (IBM)
      O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
      O15 - Trusted Zone: http://a248.e.akamai.net
      O15 - Trusted Zone: http://*.bitdefender.com
      O15 - Trusted Zone: http://ssl-hints.netflame.cc
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
      O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: avgrsstx.dll
      O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
      O20 - Winlogon Notify: fsmvil - fsmvil.dll (file missing)
      O20 - Winlogon Notify: mljihii - mljihii.dll (file missing)
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
      O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
      O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
      O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
      O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
      O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
      O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
      O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
      O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
      O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
      O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
      O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
      O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
      0
  7. Utilisateur anonyme
     
    Re ,

    Y a du ménage à faire. Beaucoup même.

    *****************************************************

    → Relance hijackthis , en menu principal choisis ' Do a system scan ' Et fixe ces/cette ligne(s) : ( coche la case à leurs gauches )

    O2 - BHO: (no name) - {1cf769ef-d491-496f-ad6d-ceb0bd3786be} - (no file)
    O2 - BHO: (no name) - {3366718F-5DBE-4E95-B8C3-A9103D458C8E} - (no file)
    O2 - BHO: {34dd5d05-696b-ad09-8874-407f2becf583} - {385fceb2-f704-4788-90da-b69650d5dd43} - (no file)
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: fsmvil - fsmvil.dll (file missing)
    O20 - Winlogon Notify: mljihii - mljihii.dll (file missing)


    Ferme toutes les fenêtres (hormis Hijackthis), y compris ton navigateur web.

    → clique sur ' fixchecked '

    ***********************************************

    /!\ Outils très puissant , ne pas reproduire la manip ci-dessous sur son pc sans y avoir été autorisé par une personne compétente /!\

    Désactive ta restauration système
    Clic sur « Démarrer »
    Clic droit sur « Poste de travail », puis sur « Propriétés »,
    Vas sur l’onglet « Restauration système »
    Tu y coches la case « Désactiver la restauration »
    Termine par [Appliquer] [OK]


    Télécharge ComboFix ici → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Et enregistre le sur le bureau >>> /!\ IMPORTANT /!\

    Regardes ici, si tu souhaites te familiariser avec son utilisation: https://www.google.fr/?gws_rd=ssl

    AVANT d'utiliser ComboFix :
    → Déconnecte ton PC d'Internet et referme les fenêtres de tous les programmes en cours. /!\
    → Désactive provisoirement (et seulement le temps de l'utilisation de ComboFix), la protection en temps réel de ton Antivirus et de tes Antispywares et de TOUT tes logiciels de protection !!!, (activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil). /!\

    Sur ton bureau double clic sur Combofix.exe.
    Appuies sur la touche 1, pour que le programme commence à s'exécuter et suis les instructions à l'écran.

    /!\ PENDANT TOUTE la durée (ça peut être assez long si le pc est très infecté) du scan de ComboFix, n'ouvres aucun programme, ne touche pas à ta souris et ne surfe pas sur le net /!\

    Soit patient (même si tu penses que le PC est arrêté) ; les temps « d'arrêt apparent » sont parfois de plusieurs minutes (il y a ± 40 étapes d’analyse).

    En cours de nettoyage il est possible, que tu reçoives un avertissement te disant que le pc va redémarrer, laisse le faire.

    Après le redemarrage du pc, un rapport s'ouvrira dans le Bloc notes en fin d'analyse, copie et colle tout son contenu dans ton prochain message.

    (Le fichier rapport Combofix.txt , est ensuite automatiquement sauvegardé dans C:\Combofix.txt)

    Ensuite réactive ta restauration système
    Clic droit sur « Poste de travail », puis sur « Propriétés »,
    Vas sur l’onglet « Restauration système »
    Tu décoches la case « Désactiver la restauration »
    Termine par [Appliquer] [OK]


    Tutorial ( aide ):

    http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    A+
    0
  8. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Rebonjour,

    voila le rapport:

    ComboFix 08-04-15.8 - Mistral 2008-04-16 20:27:00.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.454 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mistral\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\bold.log
    C:\Program Files\Conquer 2.0\c3\[u]0[/u]003\611\_desktop.ini
    C:\Program Files\Conquer 2.0\c3\[u]0[/u]003\741\_desktop.ini
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\install.exe
    C:\WINDOWS\msettings.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aowgebqt.ini
    C:\WINDOWS\system32\edtnllpq.ini
    C:\WINDOWS\system32\fwufsury.dll
    C:\WINDOWS\system32\glmjicay.ini
    C:\WINDOWS\system32\hckiasbn.ini
    C:\WINDOWS\system32\hjkkj.ini
    C:\WINDOWS\system32\hjkkj.ini2
    C:\WINDOWS\system32\iggajnhg.ini
    C:\WINDOWS\system32\imujphfa.ini
    C:\WINDOWS\system32\ipfjtith.ini
    C:\WINDOWS\system32\ipqkhalp.ini
    C:\WINDOWS\system32\ivdvahko.ini
    C:\WINDOWS\system32\ivgccdif.ini
    C:\WINDOWS\system32\ixdawwlo.ini
    C:\WINDOWS\system32\khndkwxn.ini
    C:\WINDOWS\system32\ktqxjqhs.ini
    C:\WINDOWS\system32\lllaossc.ini
    C:\WINDOWS\system32\lnrbaqvg.ini
    C:\WINDOWS\system32\ltwtflda.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\negdthwr.ini
    C:\WINDOWS\system32\nlvhpcft.ini
    C:\WINDOWS\system32\odyetklb.ini
    C:\WINDOWS\system32\omttkrwv.ini
    C:\WINDOWS\system32\ormkuiki.ini
    C:\WINDOWS\system32\ovutnqvg.ini
    C:\WINDOWS\system32\qbiajufx.ini
    C:\WINDOWS\system32\qmacbqhy.ini
    C:\WINDOWS\system32\qusmapae.ini
    C:\WINDOWS\system32\ratadlbl.ini
    C:\WINDOWS\system32\rkgejcrr.ini
    C:\WINDOWS\system32\rwtfomho.ini
    C:\WINDOWS\system32\sabnovdb.ini
    C:\WINDOWS\system32\sgqnghmc.ini
    C:\WINDOWS\system32\tjwtepiy.ini
    C:\WINDOWS\system32\tpltgsdp.ini
    C:\WINDOWS\system32\tsixpjpp.ini
    C:\WINDOWS\system32\vaosyccc.ini
    C:\WINDOWS\system32\wdwrfgeb.ini
    C:\WINDOWS\system32\xrpnfvun.ini
    C:\WINDOWS\system32\ynrnwuqd.ini
    C:\WINDOWS\system32\yunnqvui.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DOMAINSERVICE
    -------\Service_DomainService

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-16 18:07 . 2008-04-16 18:07 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-16 18:06 . 2008-04-16 18:49 <REP> d-------- C:\SDFix
    2008-04-15 20:56 . 2008-04-15 20:56 <REP> d-------- C:\Program Files\AxBx
    2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-14 15:01 . 2008-04-14 15:01 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-04-14 14:20 . 2008-04-14 14:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-14 13:43 . 2008-04-14 13:43 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\Mistral\Application Data\Grisoft
    2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-14 10:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-13 21:09 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-04-13 21:09 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
    2008-04-13 21:09 . 2004-08-05 05:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
    2008-04-13 21:09 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-04-13 21:09 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-04-13 21:09 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2008-04-13 21:09 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2008-04-13 21:09 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
    2008-04-13 21:09 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2008-04-13 21:09 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winzm.ime
    2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winsp.ime
    2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winpy.ime
    2008-04-13 21:08 . 2004-08-03 22:31 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
    2008-04-13 21:08 . 2004-08-05 05:00 79,360 --a------ C:\WINDOWS\system32\dllcache\winar30.ime
    2008-04-13 21:08 . 2004-08-05 05:00 69,120 --a------ C:\WINDOWS\system32\dllcache\wingb.ime
    2008-04-13 21:08 . 2004-08-05 05:00 65,536 --a------ C:\WINDOWS\system32\dllcache\winime.ime
    2008-04-13 21:08 . 2001-08-23 17:05 35,402 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
    2008-04-13 21:08 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2008-04-13 21:06 . 2001-08-17 21:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
    2008-04-13 21:05 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-04-13 21:04 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
    2008-04-13 21:03 . 2004-08-05 05:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
    2008-04-13 21:02 . 2004-08-03 23:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
    2008-04-13 21:02 . 2001-08-23 17:46 81,408 --a------ C:\WINDOWS\system32\dllcache\tgiul50.dll
    2008-04-13 21:02 . 2001-08-17 20:13 37,961 --a------ C:\WINDOWS\system32\dllcache\tdk100b.sys
    2008-04-13 21:02 . 2001-08-17 20:50 36,640 --a------ C:\WINDOWS\system32\dllcache\t2r4mini.sys
    2008-04-13 21:02 . 2001-08-17 21:49 30,464 --a------ C:\WINDOWS\system32\dllcache\tbatm155.sys
    2008-04-13 21:02 . 2004-08-05 05:00 21,896 --a------ C:\WINDOWS\system32\dllcache\tdipx.sys
    2008-04-13 21:02 . 2004-08-05 05:00 19,464 --a------ C:\WINDOWS\system32\dllcache\tdspx.sys
    2008-04-13 21:02 . 2001-08-17 20:13 17,129 --a------ C:\WINDOWS\system32\dllcache\tdkcd31.sys
    2008-04-13 21:02 . 2004-08-05 05:00 13,192 --a------ C:\WINDOWS\system32\dllcache\tdasync.sys
    2008-04-13 21:02 . 2001-08-17 21:52 7,040 --a------ C:\WINDOWS\system32\dllcache\tandqic.sys
    2008-04-13 21:01 . 2001-08-23 17:46 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
    2008-04-13 21:01 . 2001-08-17 21:50 103,936 --a------ C:\WINDOWS\system32\dllcache\sx.sys
    2008-04-13 21:01 . 2001-08-23 17:47 94,293 --a------ C:\WINDOWS\system32\dllcache\sxports.dll
    2008-04-13 21:01 . 2001-08-23 17:47 53,760 --a------ C:\WINDOWS\system32\dllcache\sw_wheel.dll
    2008-04-13 21:01 . 2001-08-23 17:47 41,472 --a------ C:\WINDOWS\system32\dllcache\sw_effct.dll
    2008-04-13 21:01 . 2001-08-23 17:47 10,240 --a------ C:\WINDOWS\system32\dllcache\swpidflt.dll
    2008-04-13 21:01 . 2001-08-23 17:47 10,240 --a------ C:\WINDOWS\system32\dllcache\swpdflt2.dll
    2008-04-13 21:01 . 2001-08-17 22:02 3,968 --a------ C:\WINDOWS\system32\dllcache\swusbflt.sys
    2008-04-13 20:59 . 2004-08-05 05:00 466,944 --a------ C:\WINDOWS\system32\dllcache\smtpsvc.dll
    2008-04-13 20:58 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
    2008-04-13 20:57 . 2001-08-23 17:46 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
    2008-04-13 20:57 . 2001-08-23 17:21 161,664 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
    2008-04-13 20:57 . 2001-08-17 20:50 101,760 --a------ C:\WINDOWS\system32\dllcache\sis300ip.sys
    2008-04-13 20:57 . 2001-08-17 20:51 98,080 --a------ C:\WINDOWS\system32\dllcache\sgiulnt5.sys
    2008-04-13 20:57 . 2004-08-05 05:00 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll
    2008-04-13 20:57 . 2001-07-21 22:29 18,400 --a------ C:\WINDOWS\system32\dllcache\sgsmld.sys
    2008-04-13 20:57 . 2004-08-04 00:54 3,901 --a------ C:\WINDOWS\system32\dllcache\siint5.dll
    2008-04-13 20:56 . 2001-08-23 17:47 57,856 --a------ C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
    2008-04-13 20:56 . 2001-08-17 20:19 36,480 --a------ C:\WINDOWS\system32\dllcache\sfmanm.sys
    2008-04-13 20:56 . 2001-08-23 17:47 26,112 --a------ C:\WINDOWS\system32\dllcache\EXCH_seos.dll
    2008-04-13 20:56 . 2001-08-23 17:20 18,432 --a------ C:\WINDOWS\system32\dllcache\sermouse.sys
    2008-04-13 20:56 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\dllcache\scsiprnt.sys
    2008-04-13 20:56 . 2001-08-17 21:53 10,880 --a------ C:\WINDOWS\system32\dllcache\scsiscan.sys
    2008-04-13 20:56 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
    2008-04-13 20:56 . 2001-08-17 21:53 6,912 --a------ C:\WINDOWS\system32\dllcache\seaddsmc.sys
    2008-04-13 20:55 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-04-13 20:55 . 2001-08-17 20:50 75,392 --a------ C:\WINDOWS\system32\dllcache\s3savmxm.sys
    2008-04-13 20:55 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
    2008-04-13 20:55 . 2001-08-23 17:20 24,064 --a------ C:\WINDOWS\system32\dllcache\sccmn50m.sys
    2008-04-13 20:55 . 2001-08-17 21:51 23,936 --a------ C:\WINDOWS\system32\dllcache\sccmusbm.sys
    2008-04-13 20:55 . 2001-08-23 17:20 17,536 --a------ C:\WINDOWS\system32\dllcache\scr111.sys
    2008-04-13 20:55 . 2001-08-23 17:20 16,768 --a------ C:\WINDOWS\system32\dllcache\scmstcs.sys
    2008-04-13 20:53 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-04-13 20:52 . 2004-08-05 05:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
    2008-04-13 20:51 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
    2008-04-13 20:50 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
    2008-04-13 20:50 . 2001-08-23 17:47 116,736 --a------ C:\WINDOWS\system32\dllcache\ovcodec2.dll
    2008-04-13 20:50 . 2001-08-23 17:15 54,954 --a------ C:\WINDOWS\system32\dllcache\otcsercb.sys
    2008-04-13 20:50 . 2001-08-17 22:05 48,000 --a------ C:\WINDOWS\system32\dllcache\ovcam2.sys
    2008-04-13 20:50 . 2001-08-23 17:47 39,424 --a------ C:\WINDOWS\system32\dllcache\ovcoms.exe
    2008-04-13 20:50 . 2001-08-17 22:05 31,872 --a------ C:\WINDOWS\system32\dllcache\ovce.sys
    2008-04-13 20:50 . 2001-08-17 22:05 28,032 --a------ C:\WINDOWS\system32\dllcache\ovcd.sys
    2008-04-13 20:50 . 2001-08-17 22:05 25,088 --a------ C:\WINDOWS\system32\dllcache\ovca.sys
    2008-04-13 20:50 . 2001-08-23 17:47 20,480 --a------ C:\WINDOWS\system32\dllcache\ovcomc.dll
    2008-04-13 20:49 . 2001-08-17 20:50 198,144 --a------ C:\WINDOWS\system32\dllcache\nv3.sys
    2008-04-13 20:49 . 2001-08-23 17:46 123,776 --a------ C:\WINDOWS\system32\dllcache\nv3.dll
    2008-04-13 20:49 . 2001-08-17 20:20 54,528 --a------ C:\WINDOWS\system32\dllcache\opl3sax.sys
    2008-04-13 20:49 . 2001-08-23 17:15 44,297 --a------ C:\WINDOWS\system32\dllcache\otceth5.sys
    2008-04-13 20:49 . 2001-08-17 20:12 27,209 --a------ C:\WINDOWS\system32\dllcache\otc06x5.sys
    2008-04-13 20:48 . 2004-08-03 22:41 180,360 --a------ C:\WINDOWS\system32\dllcache\ntmtlfax.sys
    2008-04-13 20:48 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
    2008-04-13 20:48 . 2001-08-17 20:20 126,080 --a------ C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
    2008-04-13 20:48 . 2001-08-17 20:20 87,040 --a------ C:\WINDOWS\system32\dllcache\nm6wdm.sys
    2008-04-13 20:48 . 2001-08-23 17:10 66,302 --a------ C:\WINDOWS\system32\dllcache\netflx3.sys
    2008-04-13 20:48 . 2001-08-17 20:49 51,552 --a------ C:\WINDOWS\system32\dllcache\ntgrip.sys
    2008-04-13 20:48 . 2001-08-23 17:47 38,912 --a------ C:\WINDOWS\system32\dllcache\EXCH_ntfsdrv.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-16 18:35 178,292 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-16 18:35 15,149,088 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-15 16:39 --------- d-----w C:\Program Files\Conquer 2.0
    2008-04-15 16:37 --------- d-----w C:\Program Files\RealVNC
    2008-04-15 16:36 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-04-14 18:43 --------- d-----w C:\Documents and Settings\Mistral\Application Data\OpenOffice.org2
    2008-04-14 13:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-13 08:10 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
    2008-04-06 20:59 397,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-04-06 20:59 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-04-06 16:04 94,208 ----a-w C:\WINDOWS\DUMP69e5.tmp
    2008-04-06 16:03 1,222,144 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-04-03 20:33 458,240 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-04-03 20:33 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-04-02 19:40 2,816,000 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-03-18 21:51 2,680,832 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-03-18 21:51 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-03-11 12:31 --------- d-----w C:\Program Files\CCleaner
    2008-03-09 17:42 1,677,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-03-09 17:42 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-03-05 21:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-03-05 21:25 1,469,440 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-03-05 21:20 2,858,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-05 21:20 1,468,928 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-02-27 12:27 --------- d-----w C:\Program Files\DivX
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-06-20 11:36 47,868 ----a-w C:\Program Files\unrar.exe
    2005-05-11 21:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
    2007-05-16 11:16 2,840,244 --sh--w C:\WINDOWS\bbdddd.ini2
    .

    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 307,200 2005-10-24 13:53:40 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

    ------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition DÚcouverte\3.0\Apps\bak\

    ----a-w 344,064 2005-07-28 19:15:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    ----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe
    ----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    ----a-w 50,760 2006-05-25 14:35:42 C:\Program Files\Fichiers communs\AOL\1167670222\ee\bak\AOLSoftware.exe

    ----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Fichiers communs\AOL\IPHSend\bak\IPHSend.exe

    ----a-w 50,760 2006-05-25 14:35:40 C:\Program Files\Fichiers communs\AOL\Launch\bak\AOLLaunch.exe

    ----a-w 81,920 2004-07-27 14:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\issch.exe

    ----a-w 221,184 2004-07-27 14:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\ISUSPM.exe

    ----a-w 180,269 2006-05-24 15:18:49 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe

    ----a-w 48,752 2005-07-12 10:35:38 C:\Program Files\Fichiers communs\Symantec Shared\bak\ccApp.exe

    ----a-w 49,152 2005-05-11 21:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

    ----a-w 1,988,144 2005-08-02 16:52:40 C:\Program Files\IBM ThinkVantage\Client Security Solution\bak\cssauth.exe

    ----a-r 49,152 2005-07-07 13:22:54 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\bak\pdservice.exe

    ----a-w 278,528 2006-06-14 14:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe

    ----a-w 36,975 2005-11-10 11:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

    ----a-w 94,208 2005-08-29 12:15:02 C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe

    ----a-w 282,624 2006-09-07 09:20:08 C:\Program Files\QuickTime\bak\qttask.exe

    ----a-w 85,600 2005-08-25 15:59:18 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe

    ----a-w 512,000 2005-08-01 08:48:28 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

    ----a-w 110,592 2005-08-01 08:48:56 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe

    ----a-w 409,600 2005-12-15 15:14:34 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe

    ----a-w 98,304 2005-12-15 15:14:14 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe

    ----a-w 237,568 2005-08-31 00:20:00 C:\Program Files\ThinkPad\Utilities\bak\EzEjMnAp.Exe

    ----a-w 864,256 2005-08-23 16:23:20 C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe

    ----a-w 106,496 2005-11-23 23:02:00 C:\Program Files\ThinkVantage\PrdCtr\bak\LPMGR.exe

    ----a-w 40,960 2005-08-01 15:32:38 C:\Program Files\ThinkVantage\SystemUpdate\bak\UCLauncher.exe

    ----a-w 126,050 2005-07-12 07:00:30 C:\Program Files\ThinkVantage Fingerprint Software\bak\ctlcntr.exe

    ----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
    ----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\ctfmon.exe

    ----a-w 127,037 2005-05-19 03:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    2008-04-13 14:59 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-13 14:59 2051328]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-13 14:59 2051328]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:07 1667584]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2005-08-22 19:29 86016 C:\WINDOWS\system32\TpShocks.exe]
    "TP4EX"="tp4ex.exe" [2005-08-24 01:10 40960 C:\WINDOWS\system32\TP4EX.exe]
    "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 01:10 139264]
    "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 01:10 208896]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-13 14:59 1177368]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 16:11 196696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll 2005-07-12 09:06 110688 C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    tphklock.dll 2005-06-16 22:23 24576 C:\WINDOWS\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-13 15:00]
    R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-06-06 11:59]
    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-13 14:59]
    R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2005-11-08 09:27]
    R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 11:59]
    R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-08-31 01:10]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-13 14:59]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-13 14:59]
    R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-08-02 18:15]
    R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 08:26]
    R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-08-02 17:47]
    R2 SmiHlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 08:57]
    R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-07-12 09:07]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-14 12:03]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-04-14 22:00:00 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 08:00:00 C:\WINDOWS\Tasks\At11.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 09:00:00 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 14:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 16:00:01 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-14 23:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-14 21:00:00 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-14 22:00:00 C:\WINDOWS\Tasks\At25.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-14 23:00:00 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 00:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 09:00:00 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 01:00:00 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 14:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 16:00:01 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-14 21:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 18:54:51 C:\WINDOWS\Tasks\PMTask.job"
    - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
    "2006-05-10 21:41:57 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 20:53:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 182

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\tphklock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\system32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSvc.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-16 21:01:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-16 19:01:02

    Pre-Run: 19,449,352,192 octets libres
    Post-Run: 19,370,225,664 octets libres
    0
  9. Utilisateur anonyme
     
    /!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

    Ouvre le Bloc-Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)

    Copie ce texte ( en gras )d'une traite ( CTRL+C pour copier ) puis colle-le ( CTRL+V dans le bloc-note )

    File::
    C:\WINDOWS\bbdddd.ini2
    C:\WINDOWS\system32\tphklock.dll

    Folder::
    C:\SDFix

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]


    Sauvegarde ce fichier sur ton bureau sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt

    S'il n'y a pas de rédémarrage, poste quand même le rapport.

    ************************************

    Va sur ce site --> https://www.virustotal.com/gui/

    Copie/colle cette ligne en gras dans le champs de saisie :


    C:\WINDOWS\system32\notifyf2.dll


    Clique sur ' Envoyer le fichier '

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre la taille du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    -> Poste le moi stp.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    *************

    A+

    0
  10. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Donc:
    Le premier rapport:

    ComboFix 08-04-15.8 - Mistral 2008-04-16 21:49:12.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.404 [GMT 2:00]
    Endroit: C:\Documents and Settings\Mistral\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mistral\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\WINDOWS\bbdddd.ini2
    C:\WINDOWS\system32\tphklock.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\SDFix
    C:\SDFix\apps\assosfix.reg
    C:\SDFix\apps\cliptext.exe
    C:\SDFix\apps\download.exe
    C:\SDFix\apps\dummy.sys
    C:\SDFix\apps\Enable_Command_Prompt.reg
    C:\SDFix\apps\ERDNT.E_E
    C:\SDFix\apps\ERDNTDOS.LOC
    C:\SDFix\apps\ERDNTWIN.LOC
    C:\SDFix\apps\ERUNT.EXE
    C:\SDFix\apps\ERUNT.LOC
    C:\SDFix\apps\fix.reg
    C:\SDFix\apps\FixBH.reg
    C:\SDFix\apps\FixComponents.reg
    C:\SDFix\apps\FIXCU.reg
    C:\SDFix\apps\FIXLM.reg
    C:\SDFix\apps\FixPath.exe
    C:\SDFix\apps\FixRedir.reg
    C:\SDFix\apps\FixSchedule.reg
    C:\SDFix\apps\FixWebCheck.reg
    C:\SDFix\apps\fixXP.reg
    C:\SDFix\apps\FixXPsp2.reg
    C:\SDFix\apps\grep.exe
    C:\SDFix\apps\HPFix.reg
    C:\SDFix\apps\HPFix2.reg
    C:\SDFix\apps\HPFix3.reg
    C:\SDFix\apps\HPFix4.reg
    C:\SDFix\apps\HPFix5.reg
    C:\SDFix\apps\HPFix6.reg
    C:\SDFix\apps\HPFix7.reg
    C:\SDFix\apps\isadmin.exe
    C:\SDFix\apps\leg2.txt
    C:\SDFix\apps\legacy.txt
    C:\SDFix\apps\legacybk.txt
    C:\SDFix\apps\locate.com
    C:\SDFix\apps\LS.exe
    C:\SDFix\apps\MD5File.exe
    C:\SDFix\apps\MyGcpvFix.reg
    C:\SDFix\apps\MyGkFix2.reg
    C:\SDFix\apps\Process.exe
    C:\SDFix\apps\procs.exe
    C:\SDFix\apps\psservice.exe
    C:\SDFix\apps\Rem.txt
    C:\SDFix\apps\Rem2.txt
    C:\SDFix\apps\Replace\regedit.exe
    C:\SDFix\apps\Replace\W2K.exe
    C:\SDFix\apps\Replace\w2k\beep.sys
    C:\SDFix\apps\Replace\w2k\null.sys
    C:\SDFix\apps\Replace\XP.exe
    C:\SDFix\apps\Replace\xp\beep.sys
    C:\SDFix\apps\Replace\xp\null.sys
    C:\SDFix\apps\Reset_AppInit_DLLs.reg
    C:\SDFix\apps\RestartIt!.exe
    C:\SDFix\apps\Restore_SecurityCenter.reg
    C:\SDFix\apps\Restore_SharedAccess.reg
    C:\SDFix\apps\sc.exe
    C:\SDFix\apps\sed.exe
    C:\SDFix\apps\SF.exe
    C:\SDFix\apps\shutdown.exe
    C:\SDFix\apps\srv2.txt
    C:\SDFix\apps\srv2bk.txt
    C:\SDFix\apps\svc.txt
    C:\SDFix\apps\svcbk.txt
    C:\SDFix\apps\swreg.exe
    C:\SDFix\apps\swsc.exe
    C:\SDFix\apps\unzip.exe
    C:\SDFix\apps\vfind.exe
    C:\SDFix\apps\WINMSG.EXE
    C:\SDFix\apps\winsec.reg
    C:\SDFix\apps\zip.exe
    C:\SDFix\backups\backupreg.zip
    C:\SDFix\backups\backups.zip
    C:\SDFix\backups\HOSTS
    C:\SDFix\catchme.exe
    C:\SDFix\dummy.sys
    C:\SDFix\Report.txt
    C:\SDFix\RunThis.bat
    C:\SDFix\SDFIX_ReadMe_Online.url
    C:\WINDOWS\bbdddd.ini2
    C:\WINDOWS\system32\tphklock.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-16 to 2008-04-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-16 21:34 . 2008-04-16 21:34 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-16 21:34 . 2008-04-16 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-16 18:07 . 2008-04-16 18:07 <REP> d-------- C:\WINDOWS\ERUNT
    2008-04-15 20:56 . 2008-04-15 20:56 <REP> d-------- C:\Program Files\AxBx
    2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Program Files\Lavasoft
    2008-04-14 15:15 . 2008-04-14 15:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-14 15:01 . 2008-04-14 15:01 <REP> d-------- C:\Program Files\Windows Live Safety Center
    2008-04-14 14:20 . 2008-04-14 14:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-04-14 13:43 . 2008-04-14 13:43 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\Mistral\Application Data\Grisoft
    2008-04-14 10:09 . 2008-04-14 10:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-04-14 10:09 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-04-13 21:09 . 2004-08-04 00:54 116,736 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
    2008-04-13 21:09 . 2001-08-23 17:47 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
    2008-04-13 21:09 . 2004-08-05 05:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
    2008-04-13 21:09 . 2001-08-23 17:47 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
    2008-04-13 21:09 . 2001-08-23 17:47 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
    2008-04-13 21:09 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
    2008-04-13 21:09 . 2001-08-23 17:47 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
    2008-04-13 21:09 . 2001-08-17 20:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
    2008-04-13 21:09 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
    2008-04-13 21:09 . 2001-08-23 17:47 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
    2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winzm.ime
    2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winsp.ime
    2008-04-13 21:08 . 2004-08-05 05:00 156,672 --a------ C:\WINDOWS\system32\dllcache\winpy.ime
    2008-04-13 21:08 . 2004-08-03 22:31 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
    2008-04-13 21:08 . 2004-08-05 05:00 79,360 --a------ C:\WINDOWS\system32\dllcache\winar30.ime
    2008-04-13 21:08 . 2004-08-05 05:00 69,120 --a------ C:\WINDOWS\system32\dllcache\wingb.ime
    2008-04-13 21:08 . 2004-08-05 05:00 65,536 --a------ C:\WINDOWS\system32\dllcache\winime.ime
    2008-04-13 21:08 . 2001-08-23 17:05 35,402 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
    2008-04-13 21:08 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
    2008-04-13 21:06 . 2001-08-17 21:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
    2008-04-13 21:05 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
    2008-04-13 21:04 . 2001-08-23 17:47 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
    2008-04-13 21:03 . 2004-08-05 05:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
    2008-04-13 21:02 . 2004-08-03 23:00 149,376 --a------ C:\WINDOWS\system32\dllcache\tffsport.sys
    2008-04-13 21:02 . 2001-08-23 17:46 81,408 --a------ C:\WINDOWS\system32\dllcache\tgiul50.dll
    2008-04-13 21:02 . 2001-08-17 20:13 37,961 --a------ C:\WINDOWS\system32\dllcache\tdk100b.sys
    2008-04-13 21:02 . 2001-08-17 20:50 36,640 --a------ C:\WINDOWS\system32\dllcache\t2r4mini.sys
    2008-04-13 21:02 . 2001-08-17 21:49 30,464 --a------ C:\WINDOWS\system32\dllcache\tbatm155.sys
    2008-04-13 21:02 . 2004-08-05 05:00 21,896 --a------ C:\WINDOWS\system32\dllcache\tdipx.sys
    2008-04-13 21:02 . 2004-08-05 05:00 19,464 --a------ C:\WINDOWS\system32\dllcache\tdspx.sys
    2008-04-13 21:02 . 2001-08-17 20:13 17,129 --a------ C:\WINDOWS\system32\dllcache\tdkcd31.sys
    2008-04-13 21:02 . 2004-08-05 05:00 13,192 --a------ C:\WINDOWS\system32\dllcache\tdasync.sys
    2008-04-13 21:02 . 2001-08-17 21:52 7,040 --a------ C:\WINDOWS\system32\dllcache\tandqic.sys
    2008-04-13 21:01 . 2001-08-23 17:46 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
    2008-04-13 21:01 . 2001-08-17 21:50 103,936 --a------ C:\WINDOWS\system32\dllcache\sx.sys
    2008-04-13 21:01 . 2001-08-23 17:47 94,293 --a------ C:\WINDOWS\system32\dllcache\sxports.dll
    2008-04-13 21:01 . 2001-08-23 17:47 53,760 --a------ C:\WINDOWS\system32\dllcache\sw_wheel.dll
    2008-04-13 21:01 . 2001-08-23 17:47 41,472 --a------ C:\WINDOWS\system32\dllcache\sw_effct.dll
    2008-04-13 21:01 . 2001-08-23 17:47 10,240 --a------ C:\WINDOWS\system32\dllcache\swpidflt.dll
    2008-04-13 21:01 . 2001-08-23 17:47 10,240 --a------ C:\WINDOWS\system32\dllcache\swpdflt2.dll
    2008-04-13 21:01 . 2001-08-17 22:02 3,968 --a------ C:\WINDOWS\system32\dllcache\swusbflt.sys
    2008-04-13 20:59 . 2004-08-05 05:00 466,944 --a------ C:\WINDOWS\system32\dllcache\smtpsvc.dll
    2008-04-13 20:58 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
    2008-04-13 20:57 . 2001-08-23 17:46 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
    2008-04-13 20:57 . 2001-08-23 17:21 161,664 --a------ C:\WINDOWS\system32\dllcache\sgsmusb.sys
    2008-04-13 20:57 . 2001-08-17 20:50 101,760 --a------ C:\WINDOWS\system32\dllcache\sis300ip.sys
    2008-04-13 20:57 . 2001-08-17 20:51 98,080 --a------ C:\WINDOWS\system32\dllcache\sgiulnt5.sys
    2008-04-13 20:57 . 2004-08-05 05:00 18,944 --a------ C:\WINDOWS\system32\dllcache\simptcp.dll
    2008-04-13 20:57 . 2001-07-21 22:29 18,400 --a------ C:\WINDOWS\system32\dllcache\sgsmld.sys
    2008-04-13 20:57 . 2004-08-04 00:54 3,901 --a------ C:\WINDOWS\system32\dllcache\siint5.dll
    2008-04-13 20:56 . 2001-08-23 17:47 57,856 --a------ C:\WINDOWS\system32\dllcache\EXCH_scripto.dll
    2008-04-13 20:56 . 2001-08-17 20:19 36,480 --a------ C:\WINDOWS\system32\dllcache\sfmanm.sys
    2008-04-13 20:56 . 2001-08-23 17:47 26,112 --a------ C:\WINDOWS\system32\dllcache\EXCH_seos.dll
    2008-04-13 20:56 . 2001-08-23 17:20 18,432 --a------ C:\WINDOWS\system32\dllcache\sermouse.sys
    2008-04-13 20:56 . 2001-08-17 21:52 11,648 --a------ C:\WINDOWS\system32\dllcache\scsiprnt.sys
    2008-04-13 20:56 . 2001-08-17 21:53 10,880 --a------ C:\WINDOWS\system32\dllcache\scsiscan.sys
    2008-04-13 20:56 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
    2008-04-13 20:56 . 2001-08-17 21:53 6,912 --a------ C:\WINDOWS\system32\dllcache\seaddsmc.sys
    2008-04-13 20:55 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
    2008-04-13 20:55 . 2001-08-17 20:50 75,392 --a------ C:\WINDOWS\system32\dllcache\s3savmxm.sys
    2008-04-13 20:55 . 2004-08-03 22:59 43,136 --a------ C:\WINDOWS\system32\dllcache\sbp2port.sys
    2008-04-13 20:55 . 2001-08-23 17:20 24,064 --a------ C:\WINDOWS\system32\dllcache\sccmn50m.sys
    2008-04-13 20:55 . 2001-08-17 21:51 23,936 --a------ C:\WINDOWS\system32\dllcache\sccmusbm.sys
    2008-04-13 20:55 . 2001-08-23 17:20 17,536 --a------ C:\WINDOWS\system32\dllcache\scr111.sys
    2008-04-13 20:55 . 2001-08-23 17:20 16,768 --a------ C:\WINDOWS\system32\dllcache\scmstcs.sys
    2008-04-13 20:53 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
    2008-04-13 20:52 . 2004-08-05 05:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
    2008-04-13 20:51 . 2004-08-04 00:53 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
    2008-04-13 20:50 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
    2008-04-13 20:50 . 2001-08-23 17:47 116,736 --a------ C:\WINDOWS\system32\dllcache\ovcodec2.dll
    2008-04-13 20:50 . 2001-08-23 17:15 54,954 --a------ C:\WINDOWS\system32\dllcache\otcsercb.sys
    2008-04-13 20:50 . 2001-08-17 22:05 48,000 --a------ C:\WINDOWS\system32\dllcache\ovcam2.sys
    2008-04-13 20:50 . 2001-08-23 17:47 39,424 --a------ C:\WINDOWS\system32\dllcache\ovcoms.exe
    2008-04-13 20:50 . 2001-08-17 22:05 31,872 --a------ C:\WINDOWS\system32\dllcache\ovce.sys
    2008-04-13 20:50 . 2001-08-17 22:05 28,032 --a------ C:\WINDOWS\system32\dllcache\ovcd.sys
    2008-04-13 20:50 . 2001-08-17 22:05 25,088 --a------ C:\WINDOWS\system32\dllcache\ovca.sys
    2008-04-13 20:50 . 2001-08-23 17:47 20,480 --a------ C:\WINDOWS\system32\dllcache\ovcomc.dll
    2008-04-13 20:49 . 2001-08-17 20:50 198,144 --a------ C:\WINDOWS\system32\dllcache\nv3.sys
    2008-04-13 20:49 . 2001-08-23 17:46 123,776 --a------ C:\WINDOWS\system32\dllcache\nv3.dll
    2008-04-13 20:49 . 2001-08-17 20:20 54,528 --a------ C:\WINDOWS\system32\dllcache\opl3sax.sys
    2008-04-13 20:49 . 2001-08-23 17:15 44,297 --a------ C:\WINDOWS\system32\dllcache\otceth5.sys
    2008-04-13 20:49 . 2001-08-17 20:12 27,209 --a------ C:\WINDOWS\system32\dllcache\otc06x5.sys
    2008-04-13 20:48 . 2004-08-03 22:41 180,360 --a------ C:\WINDOWS\system32\dllcache\ntmtlfax.sys
    2008-04-13 20:48 . 2004-08-04 00:47 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
    2008-04-13 20:48 . 2001-08-17 20:20 126,080 --a------ C:\WINDOWS\system32\dllcache\nm5a2wdm.sys
    2008-04-13 20:48 . 2001-08-17 20:20 87,040 --a------ C:\WINDOWS\system32\dllcache\nm6wdm.sys
    2008-04-13 20:48 . 2001-08-23 17:10 66,302 --a------ C:\WINDOWS\system32\dllcache\netflx3.sys
    2008-04-13 20:48 . 2001-08-17 20:49 51,552 --a------ C:\WINDOWS\system32\dllcache\ntgrip.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-16 19:56 179,828 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-16 19:56 15,274,016 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-15 16:39 --------- d-----w C:\Program Files\Conquer 2.0
    2008-04-15 16:37 --------- d-----w C:\Program Files\RealVNC
    2008-04-15 16:36 --------- d-----w C:\Program Files\Fichiers communs\Real
    2008-04-14 18:43 --------- d-----w C:\Documents and Settings\Mistral\Application Data\OpenOffice.org2
    2008-04-14 13:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-04-13 08:10 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
    2008-04-06 20:59 397,824 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
    2008-04-06 20:59 1,488,896 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
    2008-04-06 16:04 94,208 ----a-w C:\WINDOWS\DUMP69e5.tmp
    2008-04-06 16:03 1,222,144 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
    2008-04-03 20:33 458,240 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
    2008-04-03 20:33 1,486,336 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
    2008-04-02 19:40 2,816,000 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
    2008-03-18 21:51 2,680,832 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
    2008-03-18 21:51 1,478,656 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
    2008-03-11 12:31 --------- d-----w C:\Program Files\CCleaner
    2008-03-09 17:42 1,677,824 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
    2008-03-09 17:42 1,470,976 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
    2008-03-05 21:25 105,984 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
    2008-03-05 21:25 1,469,440 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
    2008-03-05 21:20 2,858,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
    2008-03-05 21:20 1,468,928 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
    2008-02-27 12:27 --------- d-----w C:\Program Files\DivX
    2008-02-21 02:05 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 02:05 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-06-20 11:36 47,868 ----a-w C:\Program Files\unrar.exe
    2005-05-11 21:36 12,288 ------w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-04-16_20.58.53.95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-16 18:36:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-16 19:58:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-16 19:58:50 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_11c.dat
    .
    ((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ----a-w 307,200 2005-10-24 13:53:40 C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe

    ------w 0 1601-01-01 00:00:00 C:\Program Files\Adobe\Photoshop Album Edition DÚcouverte\3.0\Apps\bak\

    ----a-w 344,064 2005-07-28 19:15:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

    ----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\bak\DkIcon.exe
    ----a-w 196,696 2005-09-26 14:11:04 C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

    ----a-w 50,760 2006-05-25 14:35:42 C:\Program Files\Fichiers communs\AOL\1167670222\ee\bak\AOLSoftware.exe

    ----a-w 124,520 2006-02-17 16:59:46 C:\Program Files\Fichiers communs\AOL\IPHSend\bak\IPHSend.exe

    ----a-w 50,760 2006-05-25 14:35:40 C:\Program Files\Fichiers communs\AOL\Launch\bak\AOLLaunch.exe

    ----a-w 81,920 2004-07-27 14:50:18 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\issch.exe

    ----a-w 221,184 2004-07-27 14:50:42 C:\Program Files\Fichiers communs\InstallShield\UpdateService\bak\ISUSPM.exe

    ----a-w 180,269 2006-05-24 15:18:49 C:\Program Files\Fichiers communs\Real\Update_OB\bak\realsched.exe

    ----a-w 48,752 2005-07-12 10:35:38 C:\Program Files\Fichiers communs\Symantec Shared\bak\ccApp.exe

    ----a-w 49,152 2005-05-11 21:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe

    ----a-w 1,988,144 2005-08-02 16:52:40 C:\Program Files\IBM ThinkVantage\Client Security Solution\bak\cssauth.exe

    ----a-r 49,152 2005-07-07 13:22:54 C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\bak\pdservice.exe

    ----a-w 278,528 2006-06-14 14:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe

    ----a-w 36,975 2005-11-10 11:03:52 C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe

    ----a-w 94,208 2005-08-29 12:15:02 C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe

    ----a-w 282,624 2006-09-07 09:20:08 C:\Program Files\QuickTime\bak\qttask.exe

    ----a-w 85,600 2005-08-25 15:59:18 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe

    ----a-w 512,000 2005-08-01 08:48:28 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe

    ----a-w 110,592 2005-08-01 08:48:56 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe

    ----a-w 409,600 2005-12-15 15:14:34 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe

    ----a-w 98,304 2005-12-15 15:14:14 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe

    ----a-w 237,568 2005-08-31 00:20:00 C:\Program Files\ThinkPad\Utilities\bak\EzEjMnAp.Exe

    ----a-w 864,256 2005-08-23 16:23:20 C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe

    ----a-w 106,496 2005-11-23 23:02:00 C:\Program Files\ThinkVantage\PrdCtr\bak\LPMGR.exe

    ----a-w 40,960 2005-08-01 15:32:38 C:\Program Files\ThinkVantage\SystemUpdate\bak\UCLauncher.exe

    ----a-w 126,050 2005-07-12 07:00:30 C:\Program Files\ThinkVantage Fingerprint Software\bak\ctlcntr.exe

    ----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
    ----a-w 15,360 2004-08-05 03:00:00 C:\WINDOWS\system32\ctfmon.exe

    ----a-w 127,037 2005-05-19 03:33:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe

    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    2008-04-13 14:59 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-13 14:59 2051328]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-13 14:59 2051328]

    [HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
    [HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:07 1667584]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TpShocks"="TpShocks.exe" [2005-08-22 19:29 86016 C:\WINDOWS\system32\TpShocks.exe]
    "TP4EX"="tp4ex.exe" [2005-08-24 01:10 40960 C:\WINDOWS\system32\TP4EX.exe]
    "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-08-31 01:10 139264]
    "BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-08-31 01:10 208896]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 20:27 919016]
    "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-13 14:59 1177368]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 16:11 196696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll 2005-07-12 09:06 110688 C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    notifyf2.dll 2005-07-05 23:45 28672 C:\WINDOWS\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
    "C:\\Program Files\\AIM\\aim.exe"=
    "C:\\StubInstaller.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Fichiers communs\\AOL\\1167670222\\ee\\aim6.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-04-13 15:00]
    R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-06-06 11:59]
    R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-04-13 14:59]
    R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2005-11-08 09:27]
    R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-06 11:59]
    R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-08-31 01:10]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-13 14:59]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-04-13 14:59]
    R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2005-08-02 18:15]
    R2 PrivateDisk;PrivateDisk;C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys [2005-06-28 08:26]
    R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2005-08-02 17:47]
    R2 SmiHlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2005-07-12 08:57]
    R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2005-07-12 09:07]
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-06-14 12:03]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-04-14 22:00:00 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 08:00:00 C:\WINDOWS\Tasks\At11.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 09:00:00 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 14:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 15:00:00 C:\WINDOWS\Tasks\At18.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 16:00:01 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-14 23:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-14 21:00:00 C:\WINDOWS\Tasks\At24.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-14 22:00:00 C:\WINDOWS\Tasks\At25.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-14 23:00:00 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 01:00:00 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 02:00:00 C:\WINDOWS\Tasks\At29.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 00:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 03:00:00 C:\WINDOWS\Tasks\At30.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 04:00:00 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 05:00:00 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 09:00:00 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 01:00:00 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 14:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 16:00:01 C:\WINDOWS\Tasks\At43.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 19:00:00 C:\WINDOWS\Tasks\At46.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-16 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-14 21:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\system32\JliqKp50.exe
    "2008-04-15 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-15 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\system32\6eYpAf55.exe
    "2008-04-16 20:11:26 C:\WINDOWS\Tasks\PMTask.job"
    - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
    "2006-05-10 21:41:57 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 22:10:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 182

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\system32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSvc.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\imapi.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-16 22:18:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-16 20:18:02
    ComboFix2.txt 2008-04-16 19:01:24

    Pre-Run: 20,499,546,112 octets libres
    Post-Run: 20,513,595,392 octets libres

    Et le deuxième:

    Fichier notifyf2.dll_ reçu le 2008.04.16 22:22:53 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.4.17.0 2008.04.16 -
    AntiVir 7.6.0.85 2008.04.16 -
    Authentium 4.93.8 2008.04.16 -
    Avast 4.8.1169.0 2008.04.16 -
    AVG 7.5.0.516 2008.04.16 -
    BitDefender 7.2 2008.04.16 -
    CAT-QuickHeal 9.50 2008.04.16 -
    ClamAV 0.92.1 2008.04.16 -
    DrWeb 4.44.0.09170 2008.04.16 -
    eSafe 7.0.15.0 2008.04.16 -
    eTrust-Vet 31.3.5703 2008.04.16 -
    Ewido 4.0 2008.04.16 -
    F-Prot 4.4.2.54 2008.04.16 -
    F-Secure 6.70.13260.0 2008.04.16 -
    FileAdvisor 1 2008.04.16 -
    Fortinet 3.14.0.0 2008.04.16 -
    Ikarus T3.1.1.26 2008.04.16 -
    Kaspersky 7.0.0.125 2008.04.16 -
    McAfee 5275 2008.04.16 -
    Microsoft 1.3408 2008.04.14 -
    NOD32v2 3031 2008.04.16 -
    Norman 5.80.02 2008.04.16 -
    Panda 9.0.0.4 2008.04.16 -
    Prevx1 V2 2008.04.16 -
    Rising 20.40.22.00 2008.04.16 -
    Sophos 4.28.0 2008.04.16 -
    Sunbelt 3.0.1041.0 2008.04.12 -
    Symantec 10 2008.04.16 -
    TheHacker 6.2.92.280 2008.04.16 -
    VBA32 3.12.6.4 2008.04.16 -
    VirusBuster 4.3.26:9 2008.04.16 -
    Webwasher-Gateway 6.6.2 2008.04.16 -
    Information additionnelle
    File size: 28672 bytes
    MD5...: 3c21a62642bea691b588f69e8d11b374
    SHA1..: b1d5a7de24dc9a99222b779ebe009bc72ac7061d
    SHA256: 0bb739e9a64ccd7de0a10c6f5c9e68d6e780038382fdea4e1bb330bf2b8377d3
    SHA512: 34b91c1a8955633fabe9eba2105268f8bd3468c9b1c7132e7c38c06c056ae0d9<br>4ef8aa713221ef77151c203abb8748cd0cc54ca4f94c155160e9489cb7b69086
    PEiD..: Armadillo v1.xx - v2.xx
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x10001239<br>timedatestamp.....: 0x42cb4cbb (Wed Jul 06 03:15:07 2005)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x2c06 0x3000 6.24 8a4d9af50258f0f2bd9dbdfcb617a18d<br>.rdata 0x4000 0x92d 0x1000 3.62 ccf6ac4ae170676db9631eabf3abe931<br>.data 0x5000 0x920 0x1000 0.79 aedff4daee985da031662563e4fda493<br>.reloc 0x6000 0x4a0 0x1000 2.24 d6f9102cdf5f099305cf69b0a25e0139<br><br>( 2 imports ) <br>> KERNEL32.dll: CloseHandle, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, TlsGetValue, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, RtlUnwind<br>> ADVAPI32.dll: RegOpenKeyExA, CreateProcessAsUserA, RegCloseKey, RegQueryValueExA<br><br>( 3 exports ) <br>__0CNotifyfnf2@@QAE@XZ, __4CNotifyfnf2@@QAEAAV0@ABV0@@Z, Unlock_Notify_fnf2<br>

    A+
    0
  11. Utilisateur anonyme
     
    Le deuxième rapport me semble incomplet...

    Tu as bien tout selectionné ?

    ++
    0
  12. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Oui, j'avais pas tout pris désolée. J'ai modifié le message
    0
  13. Utilisateur anonyme
     
    Re :)

    Poste un nouveau rapport Hijackthis maintenant.

    +++
    0
  14. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Voila:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:49:19, on 16/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Trend Micro\HijackThis\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O15 - Trusted Zone: http://a248.e.akamai.net
    O15 - Trusted Zone: http://*.bitdefender.com
    O15 - Trusted Zone: http://ssl-hints.netflame.cc
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
    0
  15. Utilisateur anonyme
     
    Re ,

    Fait un choix entre Symantec Antivirus et AVG 8

    Désinstalle lui que tu ne veux plus.

    Un seul Anti-virus sur le pc.

    *****************************************

    Supprime Boonty games.

    Politique de Boonty games :

    "Il se peut que nous partagions aussi des informations payantes avec des tiers
    qui fournissent des services payants et partage des données regroupées montrant le type
    et le nombre de jeux videos que vous téléchargez, votre age, votre sexe, vos occupations,
    niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur,
    internet et intérêts pour les jeux videos, activités et entrainement des jeux édités.

    De plus, nous partageons les adresses email avec des tiers fournisseurs de comptes mails
    qui nous assistent en envoyant nos mails a de nombreux clients en même temps..."

    En gros ils divulguent des informations personnelles à d'autres sociétées , qui bien évidemment se feront une joie de spammer ta boite mail , et autres réjouissances ...

    1) Arrête le service :

    Démarrer > executer > ' services.msc ' ,

    - Clic droit sur le service cité - Boonty games
    - propriétés
    - et dans "type de démarrage" et mets le sur « désactivé ».
    - Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

    Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

    2) Supprime le dossier :

    Va dans "C:\program files\fichiers communs\" trouve & supprime le dossier " boonty shared "

    *******************

    # Télécharger FixWareout sur le bureau
    : http://downloads.subratam.org/Fixwareout.exe
    # Lancer le fix : cliquer sur Next, puis Install, s’assurer que l’option Run fixit est activée puis cliquer sur Finish.
    # Il sera demandé ensuite de redémarrer l’ordinateur : redémarrer le.
    # Si le système met un peu plus de temps au démarrage, c'est normal.
    # Le contenu du rapport qui s'affichera à l'écran sera enregistré dans un fichier nommé report.txt., poste la.

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    +++
    0
  16. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Username "Mistral" - 16/04/2008 23:04:53 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Cache de résolution DNS vidé.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "TpShocks"="TpShocks.exe"
    "TP4EX"="tp4ex.exe"
    "PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
    "BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
    "ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
    "AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
    0
  17. Utilisateur anonyme
     
    Reposte un rapport Hijackthis stp.

    ++
    0
  18. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:26:55, on 16/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\TpShocks.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HJT.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O12 - Plugin for .mu3: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mus: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .mut: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O12 - Plugin for .myr: C:\Program Files\Internet Explorer\Plugins\NPMyrMus.dll
    O15 - Trusted Zone: http://a248.e.akamai.net
    O15 - Trusted Zone: http://*.bitdefender.com
    O15 - Trusted Zone: http://ssl-hints.netflame.cc
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85CF80E0-6F20-4649-BD89-E4D0280D98B8}: NameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\..\{984C6453-2795-4A2A-BAD9-F018B3C31D09}: NameServer = 192.168.3.1,192.168.4.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{36480FE8-4CA6-46A8-8C1F-911374E6A7FA}: NameServer = 192.168.1.1,192.168.2.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Service de base IPS (IPSSVC) - Lenovo Ltd. - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Fichiers communs\Virtual Token\vtserver.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe (file missing)
    0
  19. Utilisateur anonyme
     
    Re ,

    Fait un choix entre Symantec Antivirus et AVG 8
    
    Désinstalle lui que tu ne veux plus.
    
    Un seul Anti-virus sur le pc.


    Alors ?

    Ps : Si tu vires AVG 8 , il faudra virer aussi ZoneAlarm.

    En attendant ta réponse fait ceci :

    *******************************

    Ta version d'Adobe n'est pas à jour , désinstalle ta version actuelle en passant par ' ajout et supréssion de programmes '

    Puis télécharge la dernière , via ce site --> https://get2.adobe.com/reader/otherversions/

    Bulletin de sécurité sur les versions Adobe 7.0.8 et antérieures :

    https://www.adobe.com/support/security/bulletins/apsb07-01.html

    ***************************

    Met à jour JAVA --> https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    ************************

    Démarrer > executer > ' services.msc ' ,

    - Clic droit sur le service cité - VNC Server
    - propriétés
    - et dans "type de démarrage" et mets le sur « désactivé ».
    - Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

    Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

    Recommence avec : IBM PSA Access Driver Control (PsaSrv)

    **********************

    J'attends ;)
    0
  20. lilangel Messages postés 21 Date d'inscription   Statut Membre
     
    Re

    Le truc c'est que AVG 8.0 n'est qu'une démo donc toute façon je vais devoir la supprimer. Mais pourquoi il faudrait aussi enlever zone alarm?
    0
  21. Utilisateur anonyme
     
    Re ,

    Ok supprime AVG 8

    Ben tout simplement parce que dans la suite Symantec Anti-virus , se cache un pare-feu. ( Symantec Client Firewall )

    Et 2 pare-feu , ça le fait pas.

    Donc au final , tu désinstalles AVG 8 et ZoneAlarm.
    Et tu fais les manip que j'ai dit au dessus ;)

    ++
    0
  • 1
  • 2
  • 3
  • 4