Win32:Vundo@dll [Trj] - Page 5

Résolu
Précédent
  • 1
  • 2
  • 3
  • 4
  • 5
  1. dg-remix93 Messages postés 67 Date d'inscription   Statut Membre
     
    Tien le rapport de combofix

    ComboFix 08-06-01.6 - Arnaud 2008-06-02 17:50:13.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.359 [GMT 2:00]
    Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-02 17:42 . 2008-06-02 17:43 <REP> d-------- C:\nono
    2008-06-02 06:04 . 2008-06-02 06:04 <REP> d-------- C:\Documents and Settings\Titi\Application Data\Grisoft
    2008-06-02 01:24 . 2008-06-02 01:24 <REP> d-------- C:\Program Files\Sun
    2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Grisoft
    2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-02 01:04 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-02 00:58 . 2008-06-02 01:00 <REP> d-------- C:\Program Files\RegCleaner
    2008-06-02 00:24 . 2008-06-02 00:24 <REP> d-------- C:\_OTMoveIt
    2008-06-01 23:45 . 2008-06-01 23:45 20,494,878 --a------ C:\upload_moi_SAIDI.tar.gz
    2008-05-30 19:50 . 2008-05-30 19:55 354 ---hs---- C:\WINDOWS\system32\fruwvslv.ini
    2008-05-30 18:14 . 2008-06-01 19:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-30 18:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-30 18:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-30 17:51 . 2008-05-30 19:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
    2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-27 20:24 . 2008-05-27 20:29 <REP> d-------- C:\Program Files\Iomega
    2008-05-27 20:24 . 2008-05-27 20:24 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Leadertech
    2008-05-17 22:39 . 2008-05-17 22:39 <REP> d-------- C:\Documents and Settings\Marion\Application Data\EPSON

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 15:20 --------- d-----w C:\Program Files\Trend Micro
    2008-06-02 15:11 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Skype
    2008-06-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\skypePM
    2008-06-01 23:23 --------- d-----w C:\Program Files\Java
    2008-06-01 22:49 --------- d-----w C:\Program Files\QuickTime
    2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
    2008-05-30 14:29 --------- d-----w C:\Program Files\VideoLAN
    2008-05-29 14:51 --------- d-----w C:\Program Files\eMule
    2008-05-22 07:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-22 07:53 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AdobeUM
    2008-05-17 16:39 --------- d-----w C:\Program Files\FinePixViewer
    2008-05-15 07:22 800 -c--a-w C:\Documents and Settings\Marion\Application Data\wklnhst.dat
    2008-05-01 11:40 --------- d-----w C:\Program Files\pspvideo9
    2008-05-01 11:40 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-04-13 12:46 --------- d-----w C:\Program Files\Fichiers communs\ProtectionAssuree
    2008-04-13 12:25 101,163 ----a-w C:\Documents and Settings\Arnaud\yqstdt.exe
    2008-04-13 12:25 101,163 ----a-w C:\Documents and Settings\Arnaud\yblwmf.exe
    2008-04-13 12:25 101,163 ----a-w C:\Documents and Settings\Arnaud\rbaxhg.exe
    2008-04-12 07:49 --------- d-----w C:\Program Files\DivX
    2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-01-17 04:53 26,992 -c--a-w C:\Documents and Settings\Titi\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-02 09:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-08 15:43 26,992 -c--a-w C:\Documents and Settings\Arnaud\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\krewhz.exe
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\kqyhur.exe
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\kpznhm.exe
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\hbsiai.exe
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\fwexzh.exe
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\fsjfdj.exe
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\fdlzea.exe
    2007-11-07 10:50 101,163 ----a-w C:\Documents and Settings\Arnaud\ensogb.exe
    2007-11-07 10:47 101,163 ----a-w C:\Documents and Settings\Arnaud\ahisrl.exe
    2007-04-30 09:44 942 -c--a-w C:\Documents and Settings\Arnaud\Application Data\wklnhst.dat
    2007-03-30 11:41 26,992 -c--a-w C:\Documents and Settings\Marion\Application Data\GDIPFONTCACHEV1.DAT
    2006-06-18 14:54 332 -c--a-w C:\Documents and Settings\Titi\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 06:02 68856]
    "WengoPhoneNG"="J:\Apps\PortableWengoPhone\qtwengophone.exe" [ ]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
    "EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 16:04 135168]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-26 16:07 90112 C:\WINDOWS\soundman.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 09:32 7204864]
    "nwiz"="nwiz.exe" [2005-09-18 09:32 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 09:32 86016]
    "CHotkey"="zHotkey.exe" [2004-12-08 18:57 550912 C:\WINDOWS\zHotkey.exe]
    "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
    "Motive SmartBridge"="C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51 438359]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

    C:\Documents and Settings\Marion\Menu D‚marrer\Programmes\D‚marrage\
    Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

    C:\Documents and Settings\Arnaud\Menu D‚marrer\Programmes\D‚marrage\
    Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-08 14:17:09 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    LE COMPAGNON CLUB.lnk - C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe [2006-11-07 16:52:06 217088]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-01 04:05:43 67128]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "vidc.i263"= C:\WINDOWS\system32\i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Fichiers communs\\Talkway\\vmtalk.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7571:UDP"= 7571:UDP:emule
    "7561:TCP"= 7561:TCP:emule
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-07-09 11:49]
    S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9ff7a6-e23c-11dc-89f7-0015581bdde6}]
    \Shell\AutoRun\command - ie.exe
    \Shell\explore\Command - ie.exe
    \Shell\open\Command - ie.exe

    *Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
    *Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 17:52:02
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-02 17:54:02
    ComboFix-quarantined-files.txt 2008-06-02 15:53:48
    ComboFix2.txt 2008-06-01 20:19:16

    Pre-Run: 135,128,653,824 octets libres
    Post-Run: 135,204,646,912 octets libres

    197 --- E O F --- 2008-05-29 01:01:44
    0
  2. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\upload_moi_SAIDI.tar.gz
    C:\Documents and Settings\Arnaud\yqstdt.exe
    C:\Documents and Settings\Arnaud\yblwmf.exe
    C:\Documents and Settings\Arnaud\rbaxhg.exe
    C:\Documents and Settings\Arnaud\krewhz.exe
    C:\Documents and Settings\Arnaud\kqyhur.exe
    C:\Documents and Settings\Arnaud\kpznhm.exe
    C:\Documents and Settings\Arnaud\hbsiai.exe
    C:\Documents and Settings\Arnaud\fwexzh.exe
    C:\Documents and Settings\Arnaud\fsjfdj.exe
    C:\Documents and Settings\Arnaud\fdlzea.exe
    C:\Documents and Settings\Arnaud\ensogb.exe
    C:\Documents and Settings\Arnaud\ahisrl.exe

    Folder::
    C:\Program Files\Search Settings
    C:\_OTMoveIt

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  3. dg-remix93 Messages postés 67 Date d'inscription   Statut Membre
     
    Voila en premier le scan de combofix:

    ComboFix 08-06-01.6 - Arnaud 2008-06-02 18:25:05.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.334 [GMT 2:00]
    Endroit: C:\Documents and Settings\Arnaud\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Arnaud\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

    FILE ::
    C:\Documents and Settings\Arnaud\ahisrl.exe
    C:\Documents and Settings\Arnaud\ensogb.exe
    C:\Documents and Settings\Arnaud\fdlzea.exe
    C:\Documents and Settings\Arnaud\fsjfdj.exe
    C:\Documents and Settings\Arnaud\fwexzh.exe
    C:\Documents and Settings\Arnaud\hbsiai.exe
    C:\Documents and Settings\Arnaud\kpznhm.exe
    C:\Documents and Settings\Arnaud\kqyhur.exe
    C:\Documents and Settings\Arnaud\krewhz.exe
    C:\Documents and Settings\Arnaud\rbaxhg.exe
    C:\Documents and Settings\Arnaud\yblwmf.exe
    C:\Documents and Settings\Arnaud\yqstdt.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\upload_moi_SAIDI.tar.gz
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\_OTMoveIt
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\ErrorPageTemplate.css
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\help.gif
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\tab_icon.png
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\tabdata.js
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\tablib.js
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\tabwelcome_en.html
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\toolbar_background.gif
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\res\yahoo_search.gif
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\kb125\SearchSettings.dll
    C:\_OTMoveIt\MovedFiles\[u]0[/u]6022008_002430\Program Files\Search Settings\SearchSettings.exe
    C:\Documents and Settings\Arnaud\ahisrl.exe
    C:\Documents and Settings\Arnaud\ensogb.exe
    C:\Documents and Settings\Arnaud\fdlzea.exe
    C:\Documents and Settings\Arnaud\fsjfdj.exe
    C:\Documents and Settings\Arnaud\fwexzh.exe
    C:\Documents and Settings\Arnaud\hbsiai.exe
    C:\Documents and Settings\Arnaud\kpznhm.exe
    C:\Documents and Settings\Arnaud\kqyhur.exe
    C:\Documents and Settings\Arnaud\krewhz.exe
    C:\Documents and Settings\Arnaud\rbaxhg.exe
    C:\Documents and Settings\Arnaud\yblwmf.exe
    C:\Documents and Settings\Arnaud\yqstdt.exe
    C:\upload_moi_SAIDI.tar.gz

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-05-02 to 2008-06-02 ))))))))))))))))))))))))))))))))))))
    .

    2008-06-02 17:42 . 2008-06-02 17:43 <REP> d-------- C:\nono
    2008-06-02 06:04 . 2008-06-02 06:04 <REP> d-------- C:\Documents and Settings\Titi\Application Data\Grisoft
    2008-06-02 01:24 . 2008-06-02 01:24 <REP> d-------- C:\Program Files\Sun
    2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Grisoft
    2008-06-02 01:04 . 2008-06-02 01:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-06-02 01:04 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-06-02 00:58 . 2008-06-02 01:00 <REP> d-------- C:\Program Files\RegCleaner
    2008-05-30 19:50 . 2008-05-30 19:55 354 ---hs---- C:\WINDOWS\system32\fruwvslv.ini
    2008-05-30 18:14 . 2008-06-01 19:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-30 18:14 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-30 18:14 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-30 17:51 . 2008-05-30 19:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Malwarebytes
    2008-05-29 19:49 . 2008-05-29 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-27 20:24 . 2008-05-27 20:29 <REP> d-------- C:\Program Files\Iomega
    2008-05-27 20:24 . 2008-05-27 20:24 <REP> d-------- C:\Documents and Settings\Arnaud\Application Data\Leadertech
    2008-05-17 22:39 . 2008-05-17 22:39 <REP> d-------- C:\Documents and Settings\Marion\Application Data\EPSON

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-02 16:14 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\Skype
    2008-06-02 15:20 --------- d-----w C:\Program Files\Trend Micro
    2008-06-02 14:01 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\skypePM
    2008-06-01 23:23 --------- d-----w C:\Program Files\Java
    2008-06-01 22:49 --------- d-----w C:\Program Files\QuickTime
    2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-06-01 22:10 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
    2008-05-30 14:29 --------- d-----w C:\Program Files\VideoLAN
    2008-05-29 14:51 --------- d-----w C:\Program Files\eMule
    2008-05-22 07:55 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-05-22 07:53 --------- d-----w C:\Documents and Settings\Arnaud\Application Data\AdobeUM
    2008-05-17 16:39 --------- d-----w C:\Program Files\FinePixViewer
    2008-05-15 07:22 800 -c--a-w C:\Documents and Settings\Marion\Application Data\wklnhst.dat
    2008-05-01 11:40 --------- d-----w C:\Program Files\pspvideo9
    2008-05-01 11:40 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-04-13 12:46 --------- d-----w C:\Program Files\Fichiers communs\ProtectionAssuree
    2008-04-12 07:49 --------- d-----w C:\Program Files\DivX
    2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
    2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
    2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
    2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
    2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
    2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
    2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
    2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-01-17 04:53 26,992 -c--a-w C:\Documents and Settings\Titi\Application Data\GDIPFONTCACHEV1.DAT
    2008-01-02 09:37 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2007-11-08 15:43 26,992 -c--a-w C:\Documents and Settings\Arnaud\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-30 09:44 942 -c--a-w C:\Documents and Settings\Arnaud\Application Data\wklnhst.dat
    2007-03-30 11:41 26,992 -c--a-w C:\Documents and Settings\Marion\Application Data\GDIPFONTCACHEV1.DAT
    2006-06-18 14:54 332 -c--a-w C:\Documents and Settings\Titi\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 06:02 68856]
    "WengoPhoneNG"="J:\Apps\PortableWengoPhone\qtwengophone.exe" [ ]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 21:21 1204224]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 21:00 15360]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
    "EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 16:04 135168]
    "SoundMan"="SOUNDMAN.EXE" [2005-09-26 16:07 90112 C:\WINDOWS\soundman.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 09:32 7204864]
    "nwiz"="nwiz.exe" [2005-09-18 09:32 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 09:32 86016]
    "CHotkey"="zHotkey.exe" [2004-12-08 18:57 550912 C:\WINDOWS\zHotkey.exe]
    "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
    "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16 1121792]
    "Motive SmartBridge"="C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51 438359]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 17:52 3770024]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 23:18 443968]

    C:\Documents and Settings\Marion\Menu D‚marrer\Programmes\D‚marrage\
    Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

    C:\Documents and Settings\Arnaud\Menu D‚marrer\Programmes\D‚marrage\
    Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2005-10-19 10:05:42 5201920]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2006-05-08 14:17:09 282624]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    LE COMPAGNON CLUB.lnk - C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe [2006-11-07 16:52:06 217088]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-01 04:05:43 67128]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)
    "NoFind"= 0 (0x0)
    "NoRun"= 0 (0x0)
    "NoDesktop"= 0 (0x0)
    "NoClose"= 0 (0x0)
    "StartMenuLogOff"= 0 (0x0)
    "HideClock"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "vidc.i263"= C:\WINDOWS\system32\i263_32.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Fichiers communs\\Talkway\\vmtalk.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7571:UDP"= 7571:UDP:emule
    "7561:TCP"= 7561:TCP:emule
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
    S2 Ca536av;4.0M MPEG4 DV Video Capture;C:\WINDOWS\system32\Drivers\Ca536av.sys [2003-07-09 11:49]
    S3 USBCamera;4.0M MPEG4 DV Digital Camera;C:\WINDOWS\system32\Drivers\Bulk536.sys [2003-05-14 17:28]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9ff7a6-e23c-11dc-89f7-0015581bdde6}]
    \Shell\AutoRun\command - ie.exe
    \Shell\explore\Command - ie.exe
    \Shell\open\Command - ie.exe

    *Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
    *Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-02 18:26:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-06-02 18:28:53
    ComboFix-quarantined-files.txt 2008-06-02 16:28:36
    ComboFix2.txt 2008-06-02 15:54:03
    ComboFix3.txt 2008-06-01 20:19:16

    Pre-Run: 135,179,583,488 octets libres
    Post-Run: 135,173,918,720 octets libres

    226 --- E O F --- 2008-05-29 01:01:44
    0
  4. dg-remix93 Messages postés 67 Date d'inscription   Statut Membre
     
    Et le second que tu ma demande de hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:30:55, on 02/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\LE COMPAGNON CLUB\bin\mpbtn.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\RegCleaner\RegCleanr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Arnaud\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WengoPhoneNG] J:\Apps\PortableWengoPhone\qtwengophone.exe -b
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S2AB.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Arnaud\Application Data\Dealio\kb125\res\DealioSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Fichiers communs\New Boundary\PrismXL\PRISMXL.SYS
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en gras ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\


    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
  7. dg-remix93 Messages postés 67 Date d'inscription   Statut Membre
     
    voila,

    File/Folder C:\Program Files\Search Settings\SearchSettings.exe not found.
    Folder C:\Program Files\Search Settings\ not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06022008_183613
    0
  8. Utilisateur anonyme
     
    ok

    fais ça :

    Démarrer > executer > ' services.msc ' ,

    - Clic droit sur le service cité - Search Settings
    - propriétés
    - et dans "type de démarrage" et mets le sur « désactivé ».
    - Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

    Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html
    0
  9. dg-remix93 Messages postés 67 Date d'inscription   Statut Membre
     
    Aucun non n'apparait dans la liste. Il faut qu'il s'appelle search settings?
    0
  10. Utilisateur anonyme
     
    ok c était pour savoir lol

    Téléchargez ceci (de gchris) : http://gchrisftp.free.fr/divers/Ad-Fix/Ad-Fix.zip

    Dézippez-le sur votre bureau (clic droit -> extraire tout).

    Important : vérifiez que vous êtes bien connecté à internet.

    Dans le dossier créé, double-cliquez sur le fichier "Ad-Fix.bat" ou "Ad-fix"
    Choisissez l'option 1.

    Si vous avez un message de votre pare-feu qui vous demande si vous voulez autoriser le fichier URL2FILE.EXE à
    se connecter à Internet ---> autorisez, c'est nécessaire à ad-fix pour vérifier la version.

    Quand c'est finit (cela peut prendre plusieurs minutes), un rapport s'ouvre avec le bloc-notes.
    Merci de faire un copier/coller ici du contenu du rapport (Ad-Fix.txt) .

    0
  11. dg-remix93 Messages postés 67 Date d'inscription   Statut Membre
     
    C'est normale que sa soit aussi long ?
    0
  12. dg-remix93 Messages postés 67 Date d'inscription   Statut Membre
     
    Juste pour savoir, c'est ton job de faire sa ou c'est juste que tu aime l'informatique et que veux aider les autres personnes ?
    0
  13. Utilisateur anonyme
     
    lol non c pas mon job mais un hobbie
    0
Précédent
  • 1
  • 2
  • 3
  • 4
  • 5