Sujet Précédent Sujet Suivant

Infections multiples

Résolu
copilotepanizzi71 Messages postés 38 Statut Membre -  
copilotepanizzi71 Messages postés 38 Statut Membre -
Bonjour,

voici mon problème: il y a quelque temps mon pc ramait, je ne pouvait plus aller sur internet avec firefox, alors j'ai pris les choses en main pour essayer. Apparement j'ai réussi une petite partie car je peut venir à vous avec firefox mais depuis tout de suite;
Voila j'ai des alertes de avg, de avast et bitdefender pour des malware , trojans, chevaux de troie mais le plus grave c'est que avg m'as trouvé en mode sans echec des hacker ou hijacker un truc comme ca.
Le test que j'ai fait en mode sans echec a duré environ 3h et j'en avait des lignes de logiciel malveillant , trojan cheval de troie, malware ... enfin la totale!!!!
Je viens donc à vous pour savoir si quelqu'un pourrai m'aider à vérifier mon pc et en me guidant à travers les différents processus à effectuer pour nettoyer tout ca car je ne pense pas avoir tout nettoyé comme il faut. Je pense avoir fait la base du travail qui me permet de vous écrire sans trop de mal car hier il m'était tout simplement impossible de surfer; l'ordi freezai tout le temps ...

En vous remerciant d'avance pour votre aide qui me sera précieuse pour moi ainsi que pour mon pc..qui vous remercie d'avance aussi!!!!

48 réponses

Précédent
Réponse 21 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
oui j'ai supprimé tout ce qui était coché
0
Réponse 22 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
ca y est j'ai supprimé toute la quarantaine!!
un grand merci a vous tous
0
Réponse 23 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
j'ai effectué toutes les démarches citées ci-dessus en sans échec et mon pc ne rame plus
maintenant il faut que refasse un check up rapide pour voir si tout est érradiqué
merci merci merci
0
Utilisateur anonyme
 
De rien je te conseille de faire une analyse en ligne:

BitDefender en ligne: http://www.bitdefender.fr/scan_fr/scan8/ie.html
Tutoriel BitDefender en ligne: http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm

Ps: N'oublies pas de me poster le rapport. Si tu as besoin d'aide aide toi tu tutoriel.
0
Réponse 24 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
je dois m'absenter quelques heures ma femme a accouché
je laisse faire navilog et quand je rentre env 20h je me remet sur ce dossier
encore un grand merci pour votre aide et a tout a l'heure
0
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
fille ou garçon?
félicitations aux heureux parents!!

quand tu rentres tu fais ceci
Double clique sur le raccourci Navilog1 présent sur le Bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(Si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le bloc note va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le bloc note. Ton Bureau va réapparaître

PS: Si ton Bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Cela te fera apparaître ton Bureau.

ensuite tu me postes un rapport hijackt his en le renommant en "scanner.exe" par exemple, je veux vérifier que l'infection vundo est complètement éradiquée
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
Search Navipromo version 3.5.7 commencé le 12/05/2008 à 13:59:34,35

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "david"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\david\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\david\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\david\menud+~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\david\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

bbjxgezhou.dat trouvé !

* Dans "C:\Documents and Settings\david\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 12/05/2008 à 14:01:36,39 ***
0
Utilisateur anonyme
 
puis Navilog1 tu fais l'option 2

Déconnecte toi du net et désactive ton antivirus et antispyware résident pour que Navilog1 puisse s'exécuter normalement

Double clique sur le raccourci Navilog1 présent sur ton Bureau.

Au menu principal, Fais le choix 2
Laisse toi guider et patiente.
Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton PC ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle si nécessaire.
Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le bloc note va s'ouvrir.
Sauvegarde le rapport sur ton Bureau de manière à le retrouver.
Referme le bloc note. Ton Bureau va réapparaître

PS:Si ton Bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Cliques en haut à gauche sur fichiers et choisis "exécuter"
Tapes explorer et valides. Cela te fera apparaître ton Bureau
0
Réponse 26 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
Clean Navipromo version 3.5.7 commencé le 12/05/2008 à 23:48:39,46

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "david"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage executé en mode sans échec

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\david\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\david\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\david\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\david\menud+~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\david\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

bbjxgezhou.dat trouvé !
Copie bbjxgezhou.dat réalisée avec succès !
bbjxgezhou.dat supprimé !

* Dans "C:\Documents and Settings\david\locals~1\applic~1" *

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 12/05/2008 à 23:50:08,56 ***
0
Réponse 27 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
voici un nouveau hijackthis après le nettoyage navilog:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:11, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adzgalore - {dbde6a34-c7fb-0b7b-2516-970347affaa2} - C:\WINDOWS\system32\nsh33A.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" DllInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 28 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
voila il est un peu tard mais j'ai fais ce que vous m'avez dit
en attente...
0
Réponse 29 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
et un hijackthis après bfu
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:36, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adzgalore - {dbde6a34-c7fb-0b7b-2516-970347affaa2} - C:\WINDOWS\system32\nsh33A.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" DllInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 30 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
voila j'attend votre rapport après ces executions
merci!!
0
Utilisateur anonyme
 
PS:Je reviens vers 17h
0
Réponse 31 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
re bonjour a tous
merci pour vos félicitations c'est un beau garcon!!! je suis très heureux,
Voila j'ai déja effectué une analyse antivir mais en mode sans echec il n'y a que comme ca que ca fonctionne apparement!
sinon ok je vais essayer btfix de suite et je poste mon rapport
0
Réponse 32 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
voici le rapport btfix
BTFix 1.098 (par bibi26) - 13/05/2008 20:08:51 - Analyse
Lancé depuis C:\Documents and Settings\david\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\WINDOWS\system32\cpmsky-uninst.exe
- C:\WINDOWS\system32\WhoisCL.exe

---> Analyse terminée le 13/05/2008 20:08:52
0
Réponse 33 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
et après nettoyage
BTFix 1.098 (par bibi26) - 13/05/2008 20:10:27 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\david\Bureau\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés
- C:\WINDOWS\system32\cpmsky-uninst.exe
- C:\WINDOWS\system32\WhoisCL.exe

---> Nettoyage terminé le 13/05/2008 20:10:30
0
Réponse 34 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
Avira AntiVir Personal
Report file date: lundi 12 mai 2008 12:24

Scanning for 1260844 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: david
Computer name: PROPRI-T953BYFZ

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 10:09:58
ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 10:09:58
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 10:10:10
AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 10:10:08
AERDL.DLL : 8.1.0.20 418165 Bytes 12/05/2008 10:10:08
AEPACK.DLL : 8.1.1.4 364918 Bytes 12/05/2008 10:10:08
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 12/05/2008 10:10:06
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 10:10:06
AEHELP.DLL : 8.1.0.14 115063 Bytes 12/05/2008 10:10:02
AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 10:10:02
AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 10:10:00
AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 10:10:00
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 12 mai 2008 12:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
15 processes with 15 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).

Starting the file scan:

Begin scan in 'C:\' <FCM74F4>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\david\Local Settings\Temp\tem2AF.tmp.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.ahl.2
[NOTE] The file was deleted!
C:\Documents and Settings\david\Local Settings\Temp\mit2B6.tmp.cab
[0] Archive type: CAB (Microsoft)
--> MirarSetup_V54_876933_IESC_AFF_ATD_noMDNS_RPT_RPSVC.exe
[DETECTION] Is the Trojan horse TR/Mirar.A
[NOTE] The file was deleted!
C:\Documents and Settings\david\Local Settings\Temp\mit2B6.tmp
[0] Archive type: CAB (Microsoft)
--> MirarSetup_V54_876933_IESC_AFF_ATD_noMDNS_RPT_RPSVC.exe
[DETECTION] Is the Trojan horse TR/Mirar.A
[NOTE] The file was deleted!
C:\Documents and Settings\david\Local Settings\Temp\upd2C6.tmp.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.ahl.2
[NOTE] The file was deleted!
C:\Program Files\Softwin\BitDefender Professional Edition\Infected\RFactor-RELOADED-www-torrentfive-com-Crack.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the dropper DR/TTC.E
--> Object
[DETECTION] Contains detection pattern of the dropper DR/Agent.buu
[NOTE] The file was deleted!
C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP184\A0074998.exe
[DETECTION] Contains detection pattern of the worm WORM/Fontra.C
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP184\A0074999.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.dck
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP186\A0076261.exe
[DETECTION] Is the Trojan horse TR/Mirar.A
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP186\A0076262.exe
[DETECTION] Is the Trojan horse TR/Mirar.A
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP186\A0076284.exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.28
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP193\A0080641.dll
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '485827de.qua'!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP193\A0080643.dll
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP198\A0081951.dll
[DETECTION] Is the Trojan horse TR/BHO.bqz
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP198\A0081960.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the dropper DR/TTC.E
--> Object
[DETECTION] Contains detection pattern of the dropper DR/Agent.buu
[NOTE] The file was deleted!
C:\System Volume Information\_restore{D7DD992C-0DED-4EFF-880A-37F32DCCA1E9}\RP198\A0081961.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[NOTE] The file was deleted!
C:\FOUND.042\FILE0018.CHK
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48742827.qua'!

End of the scan: lundi 12 mai 2008 13:22
Used time: 57:36 min

The scan has been done completely.

6803 Scanning directories
305601 Files were scanned
17 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
15 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
305584 Files not concerned
7104 Archives were scanned
1 Warnings
17 Notes

Avira AntiVir Personal
Report file date: lundi 12 mai 2008 12:22

Scanning for 1260844 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: david
Computer name: PROPRI-T953BYFZ

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 10:09:58
ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 10:09:58
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 10:10:10
AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 10:10:08
AERDL.DLL : 8.1.0.20 418165 Bytes 12/05/2008 10:10:08
AEPACK.DLL : 8.1.1.4 364918 Bytes 12/05/2008 10:10:08
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 12/05/2008 10:10:06
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 10:10:06
AEHELP.DLL : 8.1.0.14 115063 Bytes 12/05/2008 10:10:02
AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 10:10:02
AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 10:10:00
AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 10:10:00
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 12 mai 2008 12:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).

Starting the file scan:

Begin scan in 'C:\' <FCM74F4>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\nsf235.dll
[DETECTION] Is the Trojan horse TR/BHO.bqz
[NOTE] The file was moved to '488e1b0c.qua'!

End of the scan: lundi 12 mai 2008 12:23
Used time: 01:03 min

The scan has been canceled!

3 Scanning directories
1881 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
1880 Files not concerned
2 Archives were scanned
1 Warnings
1 Notes

Avira AntiVir Personal
Report file date: lundi 12 mai 2008 13:31

Scanning for 1260844 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: david
Computer name: PROPRI-T953BYFZ

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 10:09:58
ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 10:09:58
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 12/05/2008 10:10:10
AESCN.DLL : 8.1.0.16 119156 Bytes 12/05/2008 10:10:08
AERDL.DLL : 8.1.0.20 418165 Bytes 12/05/2008 10:10:08
AEPACK.DLL : 8.1.1.4 364918 Bytes 12/05/2008 10:10:08
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 12/05/2008 10:10:06
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 12/05/2008 10:10:06
AEHELP.DLL : 8.1.0.14 115063 Bytes 12/05/2008 10:10:02
AEGEN.DLL : 8.1.0.20 299380 Bytes 12/05/2008 10:10:02
AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 10:10:00
AECORE.DLL : 8.1.0.28 168310 Bytes 12/05/2008 10:10:00
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:12

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\david\LOCALS~1\Temp\971dd18b.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 12 mai 2008 13:31

Starting the file scan:

Begin scan in 'C:\Documents and Settings\david\Bureau\GenProc.zip'

End of the scan: lundi 12 mai 2008 13:31
Used time: 00:03 min

The scan has been done completely.

0 Scanning directories
61 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
61 Files not concerned
1 Archives were scanned
0 Warnings
0 Notes
0
Utilisateur anonyme
 
Supprime tous les virus de la quarantaine stp.
0
Réponse 35 / 48
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
poste un nouveau rapport hijack this
0
Réponse 36 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
ok c'est parti
0
Réponse 37 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:18, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: adzgalore - {dbde6a34-c7fb-0b7b-2516-970347affaa2} - C:\WINDOWS\system32\nsh33A.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" DllInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2474533037-2691548948-268989189-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0
Réponse 38 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
ComboFix 08-05-12.1 - david 2008-05-13 22:13:35.1 - [color=red][b]FAT32[/b][/color]x86

Endroit: C:\Documents and Settings\david\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\david\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\nsh33A.dll
C:\WINDOWS\system32\nsy248.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NWSAPAGENT
-------\Service_6to4
-------\Service_NPF
-------\Service_NwSapAgent

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.

2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-05-13 19:22 . 2008-05-13 19:22 <REP> d--hs---- C:\FOUND.000
2008-05-13 00:05 . 2008-05-13 00:05 <REP> d-------- C:\WINDOWS\system32\bfubackups
2008-05-12 13:58 . 2008-05-12 13:58 <REP> d-------- C:\Program Files\Navilog1
2008-05-12 12:08 . 2008-05-12 12:08 <REP> d-------- C:\Program Files\Avira
2008-05-12 10:02 . 2008-05-12 10:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 10:02 . 2008-05-12 10:02 <REP> d-------- C:\Documents and Settings\david\Application Data\Malwarebytes
2008-05-12 10:02 . 2008-05-12 10:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 10:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 10:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-12 10:01 . 2008-05-12 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-11 23:22 . 2008-05-11 23:22 <REP> d-------- C:\Program Files\AVG
2008-05-11 23:22 . 2008-05-11 23:22 <REP> d-------- C:\Documents and Settings\david\Application Data\AVGTOOLBAR
2008-05-11 20:21 . 2008-05-11 20:41 1,698 --a------ C:\logfile
2008-05-11 12:07 . 2008-05-11 12:07 <REP> d-------- C:\ConvertTemp
2008-05-11 09:43 . 2008-05-11 09:43 <REP> d-------- C:\Program Files\Panda Security
2008-05-09 22:12 . 2008-05-09 22:12 <REP> d-------- C:\Program Files\Lavasoft
2008-05-09 22:12 . 2008-05-09 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 21:32 . 2008-05-08 21:32 <REP> d-------- C:\WINDOWS\McAfee.com
2008-05-08 21:09 . 2008-05-08 21:09 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-08 20:44 . 2008-05-08 20:44 759 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-08 19:35 . 2008-05-08 19:35 <REP> d-------- C:\!KillBox
2008-05-06 21:35 . 2008-05-06 21:35 <REP> d-------- C:\Documents and Settings\david\Application Data\fltk.org
2008-05-06 09:04 . 2008-05-06 09:04 244 --ah----- C:\sqmnoopt03.sqm
2008-05-06 09:04 . 2008-05-06 09:04 232 --ah----- C:\sqmdata03.sqm
2008-05-03 20:14 . 2008-05-03 20:14 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-27 15:31 . 2008-04-27 15:31 <REP> d-------- C:\PC_Play&Learn
2008-04-27 15:25 . 2008-04-27 15:40 111,103 --a------ C:\WINDOWS\Run32A60.mch
2008-04-27 15:24 . 2008-04-27 15:24 <REP> d-------- C:\WINDOWS\A6W_DATA
2008-04-27 15:24 . 2008-04-27 15:26 35 --a------ C:\WINDOWS\A6W.INI
2008-04-21 13:10 . 2008-04-21 13:10 244 --ah----- C:\sqmnoopt02.sqm
2008-04-21 13:10 . 2008-04-21 13:10 232 --ah----- C:\sqmdata02.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 07:50 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 12:51 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-03-23 11:05 --------- d-----w C:\Program Files\eRightSoft
2008-03-21 18:44 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-21 18:44 --------- d-----w C:\Program Files\Windows Live
2008-03-21 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-21 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-03-21 07:38 --------- d-----w C:\Program Files\Pinnacle
2008-03-21 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-03-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-21 07:34 --------- d-----w C:\Program Files\AIST
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 19:55 --------- d-----w C:\Program Files\ATP
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-22 17:10 744 ----a-w C:\Documents and Settings\david\Application Data\filterclsid.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2008-01-02 20:15 103712]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 20:12 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38 319488]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 14:26 299008]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BDSwitchAgent"="C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe" [ ]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-16 15:51 7569408]
"nwiz"="nwiz.exe" [2006-04-16 15:51 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-16 15:51 86016]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}"="C:\WINDOWS\system32\{77e34c9a-26d5-913c-52b2-98deb79def6e}.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.dvsd"= dvc.dll
"VIDC.IV41"= ir41_32.dll
"msacm.avis"= ff_acm.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\System32\\lexpps.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-08-06 14:47]
R3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-03-17 13:41]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 Microtech DNS client;Microtech DNS client;C:\Program Files\MDNS Client\MDNSclient.exe [2002-05-21 20:09]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 20:14]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 08:08]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 Vsp;Vsp;C:\WINDOWS\System32\drivers\Vsp.sys [2003-05-27 16:45]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-13 19:58:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
0
Réponse 39 / 48
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Rappel : une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
Sélectionne le texte suivant (Ctrl+A): 
Folder::
C:\Program Files\Macrogaming
File::
C:\WINDOWS\Run32A60.mch
C:\WINDOWS\system32\{77e34c9a-26d­5-913c-52b2-98deb79def6e}.dll
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SweetIM"="
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{87701b23-df6a-4fb7-9bc3-f26c6f072cc6}"=-


Copie le texte sélectionné (CTRL+C).
Ouvre le Bloc-notes (Démarrer/Tous les programmes/Accessoires/Bloc-notes).
Colle le texte copié dans ce Bloc-notes (CTRL+V).
Sauvegarde ce fichier sur ton Bureau sous le nom de CFScript.txt (CFScript)
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Comme l'image le montre, fait glisser CFScript.txt sur ComboFix.exe(ComboFix)
Une fenêtre à fond bleu va s'ouvrir: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Laisse ComboFix travailler
Patiente le temps de l'analyse. Le Bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le nettoyage n'est pas terminé.
Un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)
poste le rapport obtenu et un rapport hijack this
et dis moi comment se comporte le PC?
0
Réponse 40 / 48
copilotepanizzi71 Messages postés 38 Statut Membre
 
ComboFix 08-05-12.1 - david 2008-05-15 19:51:26.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.476 [GMT 2:00]
Endroit: C:\Documents and Settings\david\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\david\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\Run32A60.mch
C:\WINDOWS\system32\{77e34c9a-26d­5-913c-52b2-98deb79def6e}.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Macrogaming
C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_Audibles.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_Emoticons.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_SoundFX.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_SpecialFX.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\lastuse_Winks.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\lydie.savina@orange.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CB.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010100.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010104.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010105.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010106.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001011A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010816.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010819.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010842.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010850.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010861.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010867.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010868.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001086E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001088F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010890.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010891.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010892.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010893.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010894.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010896.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010897.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010898.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001089D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108A9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AB.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108AE.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108B7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108BE.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C2.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108C8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108CC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108D1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000108E8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020059.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020062.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020076.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020077.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020079.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020080.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200C0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020111.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020114.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020119.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020132.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020144.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020146.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020147.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020148.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020157.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020158.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020160.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020166.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020177.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020185.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002018E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201A9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201AE.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201B0.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201C7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201CD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201D6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201DC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201E4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201E5.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201EF.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000201F8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002020D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003002E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030033.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003003B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030045.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003004A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003004B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003005F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030065.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030066.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0003006C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004001F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040028.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040066.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040067.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040069.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004006E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040083.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400A3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400B7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400C3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000400D9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050004.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050005.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006007D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060137.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0008000B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0008000C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00080016.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\010108A7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01030046.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01030047.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050002.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\01050007.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Macrogaming\SweetIM\default.xml
C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mghooking.dll
C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mglogger.dll
C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\msvcp71.dll
C:\Program Files\Macrogaming\SweetIM\msvcr71.dll
C:\Program Files\Macrogaming\SweetIM\resources\images\AudibleButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\NudgeButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\WinksButton.png
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat
C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt
C:\WINDOWS\Run32A60.mch
.
---- Previous Run -------
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\nsh33A.dll
C:\WINDOWS\system32\nsy248.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NWSAPAGENT
-------\Service_6to4
-------\Service_NPF
-------\Service_NwSapAgent

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C421.lfa
2026-05-27 05:22 . 2007-09-09 15:15 3,120 --a------ C:\WINDOWS\MF_C420.lfa
2008-05-15 11:57 . 2008-05-15 11:57 <REP> d--hs---- C:\FOUND.001
2008-05-13 19:22 . 2008-05-13 19:22 <REP> d--hs---- C:\FOUND.000
2008-05-13 00:05 . 2008-05-13 00:05 <REP> d-------- C:\WINDOWS\system32\bfubackups
2008-05-12 13:58 . 2008-05-12 13:58 <REP> d-------- C:\Program Files\Navilog1
2008-05-12 12:08 . 2008-05-12 12:08 <REP> d-------- C:\Program Files\Avira
2008-05-12 10:02 . 2008-05-12 10:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-12 10:02 . 2008-05-12 10:02 <REP> d-------- C:\Documents and Settings\david\Application Data\Malwarebytes
2008-05-12 10:02 . 2008-05-12 10:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 10:02 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-12 10:02 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-12 10:01 . 2008-05-12 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-11 23:22 . 2008-05-11 23:22 <REP> d-------- C:\Program Files\AVG
2008-05-11 23:22 . 2008-05-11 23:22 <REP> d-------- C:\Documents and Settings\david\Application Data\AVGTOOLBAR
2008-05-11 20:21 . 2008-05-13 23:04 3,338 --a------ C:\logfile
2008-05-11 12:07 . 2008-05-11 12:07 <REP> d-------- C:\ConvertTemp
2008-05-11 09:43 . 2008-05-11 09:43 <REP> d-------- C:\Program Files\Panda Security
2008-05-09 22:12 . 2008-05-09 22:12 <REP> d-------- C:\Program Files\Lavasoft
2008-05-09 22:12 . 2008-05-09 22:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 21:32 . 2008-05-08 21:32 <REP> d-------- C:\WINDOWS\McAfee.com
2008-05-08 21:09 . 2008-05-08 21:09 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-08 20:44 . 2008-05-08 20:44 759 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-05-08 19:35 . 2008-05-08 19:35 <REP> d-------- C:\!KillBox
2008-05-06 21:35 . 2008-05-06 21:35 <REP> d-------- C:\Documents and Settings\david\Application Data\fltk.org
2008-05-06 09:04 . 2008-05-06 09:04 244 --ah----- C:\sqmnoopt03.sqm
2008-05-06 09:04 . 2008-05-06 09:04 232 --ah----- C:\sqmdata03.sqm
2008-05-03 20:14 . 2008-05-03 20:14 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-27 15:31 . 2008-04-27 15:31 <REP> d-------- C:\PC_Play&Learn
2008-04-27 15:24 . 2008-04-27 15:24 <REP> d-------- C:\WINDOWS\A6W_DATA
2008-04-27 15:24 . 2008-04-27 15:26 35 --a------ C:\WINDOWS\A6W.INI
2008-04-21 13:10 . 2008-04-21 13:10 244 --ah----- C:\sqmnoopt02.sqm
2008-04-21 13:10 . 2008-04-21 13:10 232 --ah----- C:\sqmdata02.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 07:50 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-04 12:51 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-23 11:05 --------- d-----w C:\Program Files\eRightSoft
2008-03-21 18:44 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-21 18:44 --------- d-----w C:\Program Files\Windows Live
2008-03-21 18:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-21 07:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
2008-03-21 07:38 --------- d-----w C:\Program Files\Pinnacle
2008-03-21 07:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\VideoSpin
2008-03-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-03-21 07:34 --------- d-----w C:\Program Files\AIST
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 19:55 --------- d-----w C:\Program Files\ATP
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-22 17:10 744 ----a-w C:\Documents and Settings\david\Application Data\filterclsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-05-13_22.19.00.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-13 20:16:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-15 17:54:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-25 04:50:26 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-03-01 18:52:16 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:46 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:48 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:50 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:56 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:58 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2004-08-19 23:09:34 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-19 23:09:34 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-19 23:09:34 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-03-01 18:52:16 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-19 23:09:34 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-19 23:09:34 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-19 23:09:34 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-19 23:09:34 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-19 23:09:34 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-19 23:09:34 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-19 23:09:34 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-19 23:09:34 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-19 23:09:34 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-19 23:09:34 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 20:12 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-07-15 12:38 319488]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-08-24 14:26 299008]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 15:13 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"BDSwitchAgent"="C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe" [ ]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\GestMaj.exe" [2004-10-14 16:55 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-16 15:51 7569408]
"nwiz"="nwiz.exe" [2006-04-16 15:51 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-16 15:51 86016]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.dvsd"= dvc.dll
"VIDC.IV41"= ir41_32.dll
"msacm.avis"= ff_acm.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\System32\\lexpps.exe"=
"C:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\WINDOWS\\System32\\dpnsvr.exe"=
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 cpuidlep;CpuIdle Pro System Driver;C:\WINDOWS\system32\drivers\cpuidlep.sys [2007-08-06 14:47]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
R3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-03-17 13:41]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 Microtech DNS client;Microtech DNS client;C:\Program Files\MDNS Client\MDNSclient.exe [2002-05-21 20:09]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 20:14]
S3 USBModem000;LGE Mobile USB Modem TC;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 08:08]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 Vsp;Vsp;C:\WINDOWS\System32\drivers\Vsp.sys [2003-05-27 16:45]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-15 17:58:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00, on 2008-05-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Lexmark Fax Solutions\fm3032.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5291/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55C38B0C-E009-4E78-87C4-865C2741EB49}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Microtech DNS client - Microtech - C:\Program Files\MDNS Client\MDNSclient.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
0

Discussions similaires

Comment associer 1 produit sur plusieurs EAN dans Prestashop?
pinetclaude409 -
dallemarre2 -

1 réponse
Prestashop pack à choix multiples
plop78 -
Ndkdesign -

11 réponses
prestashop ne veut pas marcher
ComradeCat -
CCMBot -

1 réponse
Prestashop : Produits phares non visibles
douloulup -
123 -

13 réponses
Paris multiple : explications de 2/3, 3/4, 2/4, 2/5, etc.
florent.c -
Aide -

85 réponses