Trojan TR/Crypt.XPACK.GEN Fermé

Question

Bonjour ou bonsoir, j'ai recemment été infecté par Virtumonde. J'ai réparer partiellement cela grâce à Combofix, or j'avais un problême avec la barre des tâches seulement maintenant, j'ai juste le fond d'ecran noir et inchangeable. A par ça je peut accéder à tous les programmes etc. 
Mais l'antivirus du nom d'AntiVir détecte un trojan du nom inscrit au titre de ce post. Il à infecté 2 fichiers dans le dd que sont : C:/Users/Antho/AppData/Local/.../css4CA6VEFFL et C:/Windows/System32/byxuSJcD.dll qui lui est détécté de fois de suite. Puis par défault je coche "deni access". Le problême c'est que cela est rémanent, à savoir que quelque temps après ces avertissements d'AntiVir réapparaissent donc.

Que faire? Aidez-moi s'il vous plaît! En tout cas merci d'avoir pris la peine de lire ce problême, maintenant il ne vous reste plus qu'à me répondre si possible, merci encore.

jlpjlp · Accepted Answer

slt,

scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

_______________

virtumondebegone (colle le rapport)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe


_______________

colle un rapport combofix

_______________

colle un rapport hijackthis 
 

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. 

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste 

Ensuite avec Explorer créer un dossier c:\hijackthis 
Décompresser Hijackthis dans ce dossier. 
C'est important pour les sauvegardes."

patmoss · Answer

Pour Vundo, no files were found. Donc AntiVir signale Virtumondebegone comme virus que dois-je faire?

Saches que j'ai déja fait ComboFix je le refait ou je colle le résultat du scan ComboFix réaliser il y a quelque jours?

Et pour Hijackthis, je fait un scan en rennommant hijackthis.exe dans le repertoire C:/Hijackthis? Et combien de scan et quand dois-je les faires en tout cas Vundo n'a rien trouvé.

Merci de m'aider.

jlpjlp · Answer

fais un nouveau combofix pour voir ce qu'il reste
et oui fais Virtumondebegone (désactive antivir le temps de le faire)

patmoss · Answer

VirtumondeBeGone

[06/08/2008, 11:56:41] - VirtumundoBeGone v1.5 ( "C:\Users\antho\Desktop\VirtumundoBeGone.exe" )
[06/08/2008, 11:56:50] - Detected System Information:
[06/08/2008, 11:56:50] -  Windows Version: 6.0.6001, Service Pack 1
[06/08/2008, 11:56:50] -  Current Username: antho (Admin)
[06/08/2008, 11:56:50] -  Windows is in NORMAL mode.
[06/08/2008, 11:56:50] - Searching for Browser Helper Objects:
[06/08/2008, 11:56:50] -  BHO 1: {0055C089-8582-441B-A0BF-17B458C2A3A8} (IDMIEHlprObj Class)
[06/08/2008, 11:56:50] -  BHO 2: {00C6482D-C502-44C8-8409-FCE54AD9C208} (SnagIt Toolbar Loader)
[06/08/2008, 11:56:50] -  BHO 3: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[06/08/2008, 11:56:50] -  BHO 4: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} (Ask Search Assistant BHO)
[06/08/2008, 11:56:50] -  BHO 5: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[06/08/2008, 11:56:50] -  BHO 6: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ()
[06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2008, 11:56:50] -  Checking for HKLM\...\Winlogon\Notify\NppBho
[06/08/2008, 11:56:50] -  Key not found: HKLM\...\Winlogon\Notify\NppBho, continuing.
[06/08/2008, 11:56:50] -  BHO 7: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[06/08/2008, 11:56:50] -  BHO 8: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[06/08/2008, 11:56:50] -  BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[06/08/2008, 11:56:50] -  BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2008, 11:56:50] -  No filename found. Continuing.
[06/08/2008, 11:56:50] -  BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/08/2008, 11:56:50] -  BHO 12: {95D166B3-B002-4702-9BA3-7E79911325AD} ()
[06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2008, 11:56:50] -  No filename found. Continuing.
[06/08/2008, 11:56:50] -  BHO 13: {AA58ED58-01DD-4d91-8333-CF10577473F7} ()
[06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2008, 11:56:50] -  No filename found. Continuing.
[06/08/2008, 11:56:50] -  BHO 14: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[06/08/2008, 11:56:50] -  BHO 15: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[06/08/2008, 11:56:50] -  BHO 16: {E1B2F22F-88F6-4381-A18F-079FD0488676} ()
[06/08/2008, 11:56:50] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2008, 11:56:50] -  No filename found. Continuing.
[06/08/2008, 11:56:50] -  BHO 17: {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} ()
[06/08/2008, 11:56:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/08/2008, 11:56:51] -  Checking for HKLM\...\Winlogon\Notify\urqrrstS
[06/08/2008, 11:56:51] -  Key not found: HKLM\...\Winlogon\Notify\urqrrstS, continuing.
[06/08/2008, 11:56:51] -  BHO 18: {EEE6C35C-6118-11DC-9C72-001320C79847} (SweetIM Toolbar Helper)
[06/08/2008, 11:56:51] -  BHO 19: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (Ask Toolbar BHO)
[06/08/2008, 11:56:51] - Finished Searching Browser Helper Objects
[06/08/2008, 11:56:51] - Finishing up...
[06/08/2008, 11:56:51] - Nothing found! Exiting...

patmoss · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04, on 2008-06-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Phone\Skype.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\HijackThis\edes.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pagedetournee.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95D166B3-B002-4702-9BA3-7E79911325AD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {E1B2F22F-88F6-4381-A18F-079FD0488676} - (no file)
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\Windows\system32\urqrrstS.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [GBMPro8Agent] "C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqrrstS.dll,#1
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
O4 - HKCU\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe"" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}
O4 - HKCU\..\Run: [C:\Program Files\Advanced System Optimizer\wallpaper.exe  -minimize] wallpaper.exe  -minimize
O4 - HKCU\..\Run: [MzCpuAccelerator] "C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: FullShot 9.lnk = C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/ - C:\Windows\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

patmoss · Answer

Alors je fait quoi? 
Il semble correct ce rapport HijackThis non? 
Ou récupérer le texte de Combofix; je l'exécute en mode sans echec avant c'est bien cela?

jlpjlp · Answer

ok
ton rapport montre des infections

et je vois que tu as norton et antivir: vire un des deux sinon l'ordi va planter

______________

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pagedetournee.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp

R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - (no file)

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95D166B3-B002-4702-9BA3-7E79911325AD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {E1B2F22F-88F6-4381-A18F-079FD0488676} - (no file)
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\Windows\system32\urqrrstS.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqrrstS.dll,#1


____________

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 


C:\Windows\system32\urqrrstS.dll
 C:\Program Files\AskSBar
 C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
 C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 

__________________

vire ce qui est dans moved files en allant dans poste de travail puis C puis otmovit
___________________

télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 

déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

patmoss · Answer

File/Folder C:\Windows\system32\urqrrstS.dll not found.
C:\Program Files\AskSBar\SrchAstt\1.bin moved successfully.
C:\Program Files\AskSBar\SrchAstt moved successfully.
C:\Program Files\AskSBar\bar\History moved successfully.
C:\Program Files\AskSBar\bar\1.bin moved successfully.
C:\Program Files\AskSBar\bar moved successfully.
C:\Program Files\AskSBar moved successfully.
File/Folder C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL not found.
File/Folder C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL not found.

patmoss · Answer

Mais comment désinstaller Norton, il n'y a que AntiVir qui est operationnel?

jlpjlp · Answer

pour virer norton

fais ceci

https://forum.zebulon.fr/topic/73027-supprimer-norton/

ou ceci:

https://forum.zebulon.fr/index.php?act=ST&f=38&t=57795

patmoss · Answer

J'ai essayé avec CCleaner mais un message ne l'autorise pas qui est : Setup, "This MSI must be lauched through setup". Comment désinstaller Norton alors?

jlpjlp · Answer

regarde le deuxieme lien

patmoss · Answer

AntiVir ne fait qu'afficher C:\Windows\System32\byXonnmL.dll -du Trojan TR/Crypt.XPACK.Gen- sans arrêt
j'ai beau Move to quarantaine ou deny access il ne evient que de plus bele (sans arrêt).

jlpjlp · Answer

c'est normal c'est pourquoi je t'ai demandé un combofix aussi

patmoss · Answer

ComboFix 08-06-05.3 - antho 2008-06-08 20:12:32.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.197 [GMT 2:00] Endroit: C:\Users\antho\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\system32\byXonnmL.dll C:\Windows\system32\khfcbawW.dll C:\Windows\System32\LmnnoXyb.ini C:\Windows\System32\LmnnoXyb.ini2 . ---- Previous Run ------- . C:\Program Files\internet explorer\msimg32.dll C:\Windows\System32\abIRtCfe.ini C:\Windows\System32\abIRtCfe.ini2 C:\Windows\system32\awttRhGY.dll C:\Windows\system32\f3PSSavr.scr C:\Windows\System32\fOpAaccf.ini C:\Windows\System32\fOpAaccf.ini2 C:\Windows\System32\IQBLRqru.ini C:\Windows\System32\IQBLRqru.ini2 C:\Windows\system32\jkkJyXRH.dll C:\Windows\System32\kkklSvut.ini C:\Windows\System32\kkklSvut.ini2 C:\Windows\System32\KTtvuwEg.ini C:\Windows\System32\KTtvuwEg.ini2 C:\Windows\System32\PWvvCcfe.ini C:\Windows\System32\PWvvCcfe.ini2 C:\Windows\System32 BehOXyb.ini C:\Windows\System32 BehOXyb.ini2 C:\Windows\System32 YFgMnnn.ini C:\Windows\System32 YFgMnnn.ini2 C:\Windows\System32\vGiiRXbc.ini C:\Windows\System32\vGiiRXbc.ini2 C:\Windows\system32\yayaWPGY.dll C:\Windows\System32\YGPWayay.ini C:\Windows\System32\YGPWayay.ini2 . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))))))) . 2008-06-08 12:03 . 2008-06-08 19:41 d-------- C:\HijackThis 2008-06-08 11:01 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll 2008-06-08 10:01 . 2008-06-08 10:01 d-------- C:\Program Files\Microsoft.NET 2008-06-08 10:01 . 2008-06-08 10:01 d-------- C:\Program Files\HDDGURU LLF Tool 2008-06-08 09:51 . 2008-06-08 09:51 d-------- C:\Program Files\Microsoft Visual Studio 8 2008-06-08 09:47 . 2008-06-08 10:06 d-------- C:\Windows\SHELLNEW 2008-06-08 09:45 . 2008-06-08 11:08 d-------- C:\ProgramData\Microsoft Help 2008-06-08 09:03 . 2008-06-08 09:08 d-a------ C:\office 2007 2008-06-07 21:31 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-07 21:31 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll 2008-06-07 17:49 . 2008-06-07 17:49 d-------- C:\Program Files\Hard Drive Inspector 2008-06-07 12:09 . 2008-06-07 19:59 d-------- C:\Program Files\PeerGuardian2 2008-06-07 11:08 . 2008-06-07 11:08 d-------- C:\Users\antho\AppData\Roaming\HDD Thermometer 2008-06-07 11:08 . 2008-06-07 11:08 d-------- C:\ProgramData\HDD Thermometer 2008-06-07 10:47 . 2008-06-07 10:47 d-------- C:\_OTMoveIt 2008-06-06 19:02 . 2008-06-06 19:02 d-------- C:\Users\antho\AppData\Roaming\Malwarebytes 2008-06-06 19:01 . 2008-06-06 19:01 d-------- C:\ProgramData\Malwarebytes 2008-06-06 18:02 . 2008-06-05 10:44 d-------- C:\SDFix 2008-06-06 17:53 . 2008-06-06 19:34 d-------- C:\VundoFix Backups 2008-06-06 17:14 . 2008-06-06 17:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-06-06 13:32 . 2008-06-06 21:32 d-------- C:\__eetemp 2008-06-05 22:21 . 2008-06-06 17:13 559 --a------ C:\Windows\wininit.ini 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Videos 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Searches 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Saved Games 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Pictures 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Links 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Downloads 2008-06-04 21:50 . 2008-06-04 20:11 152,576 --a------ C:\Windows\System32\SPWizUI.dll 2008-06-04 21:50 . 2008-06-04 20:11 47,560 --a------ C:\Windows\System32\SPReview.exe 2008-06-04 21:24 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32 ecdisc.exe 2008-06-04 21:24 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll 2008-06-04 21:22 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe 2008-06-04 21:20 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll 2008-06-04 21:20 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll 2008-06-04 21:18 . 2008-06-04 21:21 d-------- C:\Windows\A1C4EE2BDF144488BC8AF9336D588E97.TMP 2008-06-04 21:15 . 2008-01-18 23:35 4,495,360 --a------ C:\Windows\System32\NlsData0816.dll 2008-06-04 21:14 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-06-04 21:13 . 2008-01-18 23:33 5,714,432 --a------ C:\Windows\System32\logon.scr 2008-06-04 21:11 . 2008-01-18 23:36 2,153,472 --a------ C:\Windows\System32\oobefldr.dll 2008-06-04 21:10 . 2008-01-18 23:33 2,927,104 --a------ C:\Windows\explorer.exe 2008-06-04 21:09 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll 2008-06-04 21:07 . 2008-01-18 23:33 3,216,896 --a------ C:\Windows\System32\WinSAT.exe 2008-06-04 21:05 . 2008-01-18 23:43 891,448 --a------ C:\Windows\System32\drivers cpip.sys 2008-06-04 21:04 . 2008-01-18 23:32 691,200 --a------ C:\Windows\System32\TabletPC.cpl 2008-06-04 21:02 . 2008-01-18 23:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr 2008-06-04 21:01 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll 2008-06-04 21:00 . 2008-01-18 23:36 1,505,792 --a------ C:\Windows\System32 query.dll 2008-06-04 20:59 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll 2008-06-04 20:58 . 2008-01-18 21:28 226,816 --a------ C:\Windows\System32\drivers\udfs.sys 2008-06-04 20:58 . 2008-01-18 23:36 208,384 --a------ C:\Windows\System32\uDWM.dll 2008-06-04 20:58 . 2008-01-18 23:36 152,064 --a------ C:\Windows\System32\UIAutomationCore.dll 2008-06-04 20:58 . 2008-01-18 23:36 92,672 --a------ C:\Windows\System32\ufat.dll 2008-06-04 20:58 . 2008-01-18 23:36 89,088 --a------ C:\Windows\System32 xflog.dll 2008-06-04 20:58 . 2008-01-18 23:36 56,320 --a------ C:\Windows\System32\uexfat.dll 2008-06-04 20:58 . 2008-01-18 23:33 35,840 --a------ C:\Windows\System32\UI0Detect.exe 2008-06-04 20:58 . 2008-01-05 03:21 28,672 --a------ C:\Windows\System32\TsWpfWrp.exe 2008-06-04 20:58 . 2008-01-18 21:55 23,040 --a------ C:\Windows\System32\drivers unnel.sys 2008-06-04 20:58 . 2008-01-18 21:55 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS 2008-06-04 20:25 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe 2008-06-04 20:11 . 2008-06-04 20:11 d-------- C:\96c2110d97d1b8b8abf446f4818453 2008-06-04 18:43 . 2008-06-04 18:52 d-------- C:\ProgramData\Spybot - Search & Destroy 2008-06-04 18:43 . 2008-06-08 19:21 d-------- C:\Program Files\Spybot 2008-06-03 20:21 . 2008-06-03 20:21 d-------- C:\Program Files\NeoSmart Technologies 2008-06-03 20:19 . 2008-06-03 20:20 d-------- C:\Program Files\Mz_CpuAcc 2008-06-03 20:17 . 2008-06-03 20:17 d-------- C:\Program Files\FreshDevices 2008-06-01 15:51 . 2008-06-04 20:09 d-------- C:\Program Files\Hard Disk Sentinel 2008-06-01 00:24 . 2008-06-01 00:24 d-------- C:\Program Files\Microsoft Silverlight 2008-06-01 00:05 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll 2008-05-31 21:30 . 2008-05-31 21:30 d-------- C:\ProgramData\TechSmith 2008-05-31 21:27 . 2008-05-31 21:27 d-------- C:\Program Files\TechSmith 2008-05-30 20:03 . 2008-05-30 20:03 d-------- C:\Program Files\AxBx 2008-05-29 21:51 . 2008-05-29 21:52 d-------- C:\Program Files\Windows Live Toolbar 2008-05-29 21:40 . 2008-05-29 21:40 d-------- C:\Windows\PCHEALTH 2008-05-29 21:40 . 2008-06-05 18:59 d-------- C:\Program Files\MSN Messenger 2008-05-29 21:18 . 2006-10-30 17:22 8,192 --a------ C:\Windows\System32\drivers\AtiPcie.sys 2008-05-29 19:05 . 2008-05-29 19:05 d-------- C:\Windows\Repair 2008-05-28 23:19 . 2007-07-04 00:16 1,820 --a------ C:\Windows\System32 asctrnm.h 2008-05-28 23:04 . 2008-06-04 21:53 81,920 --a------ C:\Windows\SPInstall.etl 2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG2 2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG1 2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG2 2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG1 2008-05-28 20:01 . 2008-06-05 08:09 d-------- C:\Users\antho\AppData\Roaming\ESTsoft 2008-05-28 20:01 . 2008-05-28 20:02 d-------- C:\Program Files\ESTsoft 2008-05-28 19:42 . 2008-05-28 19:45 d-------- C:\Users\antho\AppData\Roaming\Notepad++ 2008-05-28 19:42 . 2008-05-28 19:42 d-------- C:\Program Files\Notepad++ 2008-05-28 19:31 . 2008-05-28 19:31 d-------- C:\Program Files\Intel 2008-05-28 18:28 . 2008-05-28 18:28 d-------- C:\Program Files\COMODO 2008-05-28 18:28 . 2008-05-28 18:49 76,280 --a------ C:\Windows\System32\drivers\cmdGuard.sys 2008-05-28 18:28 . 2008-05-28 18:49 24,568 --a------ C:\Windows\System32\drivers\cmdhlp.sys 2008-05-28 13:22 . 2006-10-25 19:09 758,352 --a------ C:\fwconfig.exe 2008-05-28 13:22 . 2006-10-25 19:09 131,072 --a------ C:\clicapi.dll 2008-05-26 21:49 . 2008-05-26 21:49 d-------- C:\ProgramData\Avira 2008-05-26 21:49 . 2008-05-26 21:49 d-------- C:\Program Files\Avira 2008-05-26 19:28 . 2008-05-26 20:23 81,984 --a------ C:\Windows\System32\bdod.bin 2008-05-25 14:42 . 2008-05-26 20:27 121 --a------ C:\Windows\bdagent.INI 2008-05-25 14:06 . 2008-05-26 20:30 d-------- C:\Program Files\BitDefender 2008-05-25 14:03 . 2008-05-26 20:30 d-------- C:\Program Files\Common Files\BitDefender 2008-05-25 13:59 . 2008-05-25 13:59 d-------- C:\Programas 2008-05-24 18:42 . 2007-12-15 18:35 1,626 --a------ C:\02B780B8.key 2008-05-24 14:06 . 2008-05-25 13:35 d-------- C:\ProgramData\Kaspersky Lab 2008-05-18 09:57 . 2008-05-18 09:57 d-------- C:\ProgramData\Kaspersky Lab Setup Files 2008-05-17 21:09 . 2008-05-18 09:04 171,136 -rahs---- C:\grldr 2008-05-17 08:37 . 2008-05-17 08:38 d-------- C:\Program Files\Opera 2008-05-16 09:00 . 2008-05-16 09:00 d-------- C:\ProgramData\eMule 2008-05-15 19:55 . 2008-05-15 19:55 d-------- C:\Program Files\BSD Concept 2008-05-15 12:42 . 2008-05-15 12:42 d-------- C:\Program Files\MagicISO 2008-05-14 22:11 . 2008-06-06 13:41 0 ---hs---- C:\Windows\S164E22E3.tmp 2008-05-14 22:06 . 2008-05-14 22:06 d-------- C:\Program Files\SlySoft 2008-05-11 13:03 . 2008-05-11 13:08 d-------- C:\Program Files\Common Files\Adobe 2008-05-09 16:29 . 2008-05-09 16:29 d-------- C:\Program Files\Ligos 2008-05-09 16:29 . 2000-06-23 14:05 136,704 --a------ C:\Windows\System32\iacenc.dll 2008-05-09 16:29 . 2000-06-22 13:09 56,320 --------- C:\Windows\System32\iyvu9_32.dll 2008-05-09 16:21 . 2008-05-09 16:21 d-------- C:\Program Files\MediaTV 2008-05-09 16:09 . 2008-05-11 09:54 d-------- C:\Program Files\DivXCodec . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-08 18:20 --------- d-----w C:\Users\antho\AppData\Roaming\DNA 2008-06-08 18:11 --------- d-----w C:\Users\antho\AppData\Roaming\DMCache 2008-06-08 17:41 --------- d-----w C:\Users\antho\AppData\Roaming\OpenOffice.org2 2008-06-08 17:39 --------- d-----w C:\Users\antho\AppData\Roaming\Skype 2008-06-08 17:21 --------- d-----w C:\Program Files\Internet Download Manager 2008-06-08 10:15 --------- d-----w C:\Users\antho\AppData\Roaming\Vista Start Menu 2008-06-08 09:43 --------- d-----w C:\Users\antho\AppData\Roaming\uTorrent 2008-06-08 08:10 --------- d-----w C:\Program Files\Microsoft Works 2008-06-08 08:09 --------- d-----w C:\Program Files\MSBuild 2008-06-08 06:42 --------- d-----w C:\Program Files\Common Files\L&H 2008-06-08 01:08 --------- d-----w C:\Program Files\Windows Mail 2008-06-07 21:26 --------- d-----w C:\ProgramData\Roxio 2008-06-07 20:45 24,306 ----a-w C:\Users\antho\AppData\Roaming\wklnhst.dat 2008-06-06 17:09 --------- d-----w C:\Program Files\PowerISO 2008-06-05 20:41 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-06-05 18:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-05 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-05 16:13 --------- d-----w C:\Program Files\Common Files\Acronis 2008-06-04 21:15 174 --sha-w C:\Program Files\desktop.ini 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Collaboration 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Calendar 2008-06-04 20:51 --------- d-----w C:\Program Files\Windows Defender 2008-06-01 18:41 --------- d-----w C:\Program Files\RALINK 2008-05-31 01:15 --------- d-----w C:\Program Files\Learning Essentials 2008-05-29 20:16 --------- d-----w C:\Program Files\ATI 2008-05-28 20:41 --------- d-----w C:\Users\antho\AppData\Roaming\Packard Bell 2008-05-28 16:28 --------- d-----w C:\Users\antho\AppData\Roaming\Comodo 2008-05-26 17:51 --------- d-----w C:\Program Files\Symantec 2008-05-24 16:58 --------- d-----w C:\Program Files\Alwil Software 2008-05-24 16:56 --------- d-----w C:\Users\antho\AppData\Roaming\IDM 2008-05-16 06:55 --------- d-----w C:\Program Files\eMule 2008-05-01 07:34 --------- d-----w C:\ProgramData\Symantec 2008-04-26 09:49 --------- d-----w C:\Program Files\AOL 9.0 VR 2008-04-26 09:47 --------- d-----w C:\Users\antho\AppData\Roaming\LimeWire 2008-04-25 20:32 --------- d-----w C:\Program Files\Quicken 2008-04-25 20:06 --------- d-----w C:\Users\antho\AppData\Roaming\Systweak 2008-04-25 20:06 --------- d-----w C:\Program Files\Advanced System Optimizer 2008-04-25 19:51 --------- d-----w C:\Users\antho\AppData\Roaming\Application Data 2008-04-25 19:43 --------- d-----w C:\Program Files\Philips 2008-04-25 17:17 --------- d-----w C:\Program Files\Auralog 2008-04-25 10:02 --------- d-----w C:\Users\antho\AppData\Roaming\BSDh9 2008-04-24 18:44 --------- d---a-w C:\ProgramData\TEMP 2008-04-24 12:59 --------- d-----w C:\Users\antho\AppData\Roaming\iolo 2008-04-23 15:25 100,904 ----a-w C:\Users\antho\AppData\Roaming\GDIPFONTCACHEV1.DAT 2008-04-23 11:41 --------- d-----w C:\Program Files\SweetIM 2008-04-23 11:39 --------- d-----w C:\ProgramData\SweetIM 2008-04-23 08:24 --------- d-----w C:\ProgramData\Genie-Soft 2008-04-23 08:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine 2008-04-23 08:19 --------- d-----w C:\Program Files\Genie-Soft 2008-04-21 21:03 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-04-21 18:49 --------- d-----w C:\ProgramData\iolo 2008-04-14 17:56 --------- d-----w C:\Users\antho\AppData\Roaming\Simply Super Software 2008-04-14 17:56 --------- d-----w C:\ProgramData\Simply Super Software 2008-04-13 19:17 --------- d-----w C:\ProgramData\BVRP Software 2008-04-13 18:57 --------- d-----w C:\Users\antho\AppData\Roaming\Avanquest 2008-04-13 18:57 --------- d-----w C:\ProgramData\Avanquest 2008-04-13 18:45 --------- d-----w C:\Program Files\Avanquest 2008-04-12 10:14 --------- d-----w C:\Program Files\Microsoft Etudes 2008-04-10 19:09 --------- d--h--w C:\ProgramData\{A526BBD6-4321-4B38-BF34-B3C9B982DA32} 2008-04-10 18:58 --------- d-----w C:\ProgramData\{CFAB4006-0AE0-414D-866A-DCB2C46553CF} 2008-04-10 18:56 --------- d-----w C:\Program Files\Blaze Media Pro 2007-10-11 17:33 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe 2005-11-04 15:59 135,525 ----a-w C:\Program Files\Common Files\ReportPreview.app 2005-01-21 06:53 45,056 ------r C:\Program Files\SetAttrib.exe 2004-11-30 13:23 40,960 ------r C:\Program Files\delete.exe 2008-02-17 11:28 5 --sha-w C:\Windows\System32\afcfdcbd6_g.dll 2007-10-30 22:31 11,270 --sha-w C:\Windows\System32\KGyGaAvL.sys 2006-11-02 12:34 168,960 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16386_none_09330123522ea8c1\wmplayer.exe . ------- Sigcheck ------- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0243BC71-E8CF-4E60-83AC-710A53BF050E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2BFA2D-8F90-423F-A84F-FA0923BF25EE}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [ ] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 18:26 289088] "PCMService"="c:\Program Files\Powercinema\PCMService.exe" [2006-11-15 16:49 151552] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184] "VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-10-29 18:47 1682944] "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 16:49 1092152] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048] "IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-11-26 20:46 456072] "Meteo Fusion"="C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 13:01 294912] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 17:15 2577840] "Skype"="C:\Program Files\Phone\Skype.exe" [2007-09-13 13:31 22880040] "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2008-01-18 23:33 12800] "MzCpuAccelerator"="C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe" [2008-05-29 00:15 159744] "SpybotSD TeaTimer"="C:\Program Files\Spybot\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184] "GBMPro8Agent"="C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 09:55 230016] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-28 18:48 1481984] "HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2008-03-26 18:22 1007368] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] C:\Users\antho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FullShot 9.lnk - C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe [2007-07-04 01:00:00 3993600] OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-10-15 17:41:47 1585152] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"= 0 (0x0) "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ffvfw.dll "vidc.fvfw"= ffvfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3525442163-3756774792-3855537706-1002] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{01E66E1C-3F58-4100-9979-969E84A0185F}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{7E6503D6-F74C-4404-B1D2-C5F5BFAA3F4C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{46287467-9706-4F01-87B8-04F8E32FBF8E}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{68EECAC6-165F-4634-8DCF-3EF2D444A33F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{1809F410-608B-4960-8A0A-8EE63FCDD1E8}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL "{01955B9E-02AC-4CA0-9E1B-401FF76EDA0B}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL "{BD688FB9-3901-4073-A779-453A3F48E281}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{2E6E59BC-17D0-4C9F-88A9-260913C3B64F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{FD843E49-9219-4181-9B2D-836C7F552C04}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader "{E2CE24DB-1978-41EF-BE46-B742741D090D}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader "{581C3C69-E48E-440B-BCDC-736440C35946}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information "{5B4E6F60-A58C-4A40-99EB-C8078B8B3CA9}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information "{FDE4E33C-94E9-40AA-9ED4-C4057CDCF405}"= UDP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema "{59F25144-3256-4102-940E-7C16BBBE40AC}"= TCP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema "{E73B0411-5451-4930-AC79-C0D016568B1C}"= UDP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program "{C74E8417-8F17-4E34-B212-2C3AFE355A2C}"= TCP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program "{91DBBC18-3919-4F47-B3CA-457DC4B9E0C7}"= UDP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne "{74AE9E5F-5689-41AB-9A6F-E6D03E117267}"= TCP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne "TCP Query User{07A95485-2F6E-4CE0-8053-0CC0A04051E4}C:\users\antho\documents\logiciels et autres applications\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "UDP Query User{8BBBA791-BA17-431D-A9FE-0DC0A29D4090}C:\users\antho\documents\logiciels et autres applications\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "TCP Query User{6A2D8392-0021-4BEF-BFB6-F9E638563201}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{6FA76C49-8162-44A3-92DC-14EB9B2BA6F7}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{0C22D93B-237C-4F96-A5BB-70A4DFEE4EDA}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{97492C02-5B44-4F5D-AFB0-605C6A2A9B87}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "TCP Query User{37A804FE-AEFC-44DD-A9A6-36C14A337080}D:\emule, divx\emule.exe"= UDP:D:\emule, divx\emule.exe:eMule "UDP Query User{6632D0CD-0207-4DC5-B535-844EBBF9D289}D:\emule, divx\emule.exe"= TCP:D:\emule, divx\emule.exe:eMule "TCP Query User{6B7F931C-CD1C-4129-8275-075A30DEBA14}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{E353D420-15BC-4837-9CAB-065E359589B3}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{2F15F38A-4B46-48E3-8921-FF6FE6D0DFC1}C:\program files\dap\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP) "UDP Query User{B6CECE21-CD78-4D4C-A655-7324754C0290}C:\program files\dap\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP) "TCP Query User{5703F225-1E15-48AF-B1A4-94C64DE51EFC}C:\program files\gamespy arcade\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0 "UDP Query User{E102D4C9-31AC-4E12-B321-5BB85028DBFD}C:\program files\gamespy arcade\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0 "TCP Query User{85C72ECC-4223-42B4-8FD0-098CB40C3810}C:\users\antho\downloads\emule\incoming\smiley's center pack.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe "UDP Query User{5DC80A59-8230-4D1E-93A2-8A4E498A6517}C:\users\antho\downloads\emule\incoming\smiley's center pack.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe "TCP Query User{C75FFE1D-25D9-436F-985D-E1FB04DB9111}C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe "UDP Query User{BB43F992-B6E7-41D7-8C11-18DEF9AA53EF}C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe "{B52B2D78-8313-4D9D-9207-409385E90B8A}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{A03A8A84-55C9-4D98-89FB-2D4FF17FAE98}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{88C3B4D9-57B2-4C73-B30E-1B99F358899B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{A08C9179-3A45-4858-ADE5-9AF3878334D9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "TCP Query User{3A71837B-35D6-4379-AE96-F97E83202840}C:\users\antho\program files\bittorrent_dna\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "UDP Query User{2D83D689-E235-4C81-990F-9F37CC15C882}C:\users\antho\program files\bittorrent_dna\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "TCP Query User{51B2DD42-91F6-4C04-9BB5-675D05ED9126}C:\program files\kss\peertv\peercast.exe"= UDP:C:\program files\kss\peertv\peercast.exe:PeerCast "UDP Query User{6E97BDF2-FAB2-4E6A-B054-92F8C72D4307}C:\program files\kss\peertv\peercast.exe"= TCP:C:\program files\kss\peertv\peercast.exe:PeerCast "TCP Query User{873F9C4F-C846-445B-832A-263418F90C7B}C:\program files\pando networks\pando\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando "UDP Query User{A7E8F0C4-823E-4FE9-835B-C9C3C12A140F}C:\program files\pando networks\pando\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando "TCP Query User{DF59C06F-B5DE-4B3E-91B1-1A08CABD9313}C:\users\antho\program files\bittorrent_dna\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "UDP Query User{8C79AA92-2EA1-49D0-94D8-ADEA5E249222}C:\users\antho\program files\bittorrent_dna\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "TCP Query User{3493BFB2-928E-482F-864F-CD93A687EF7F}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent "UDP Query User{45CDA921-4560-406D-9069-60D42022F657}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent "{D587302D-09DD-43B9-9A41-650B80DCCA73}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "{57FB543D-CC56-4A52-B0EC-5BC25ACCBDDC}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "TCP Query User{B818DD14-FA04-473E-91BB-B4DB118E0CE4}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent "UDP Query User{C7A621C3-F0D6-4C38-9312-74F29F76297A}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent "{A9FF4EEF-81E5-472B-BF29-EDF1A6E21584}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "{04BE99E0-11FB-4B1B-A929-3B4F001BACBB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "TCP Query User{965FAB58-D1E0-4FCF-8306-5732D844CFF5}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{E12C5356-75E2-4506-AE9A-440FD39764E1}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{84087DB4-DA5B-43AF-A0CC-CC9F7CC226E9}C:\users\antho\program files\bittorrent\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "UDP Query User{C0F9C65E-2B48-4FAD-A3C4-10E03B031BEC}C:\users\antho\program files\bittorrent\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "TCP Query User{1EA8784C-D890-4410-B7F2-9A76E5480521}C:\users\antho\program files\bittorrent\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "UDP Query User{63364818-7361-4227-9407-D97DBA1799B7}C:\users\antho\program files\bittorrent\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "TCP Query User{F56E73AA-21E1-49B2-B47B-8B8969D3C3B2}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{15B978BF-686C-4370-BB6B-0EF15DAAD918}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "{400FE3C7-136D-4019-81FE-FD5FBC2DF407}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{45651627-9F7B-4B5D-BA95-952807C491A1}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "TCP Query User{06FB6572-7F2A-4942-9100-E850B48B4F46}C:\program files\amsn\bin\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application "UDP Query User{89C18C01-D10B-4E50-A0E4-5CD977C0C710}C:\program files\amsn\bin\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application "{7CB965AD-DD8F-4761-AB07-159C89BF8BE3}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{759B9853-CB02-4ED5-9500-B2253BF1183F}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{6722D139-34A5-4A31-8C05-570D1149A893}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{41D95863-086B-4981-9D6A-F42AFCAD6BBD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "TCP Query User{636866E4-5E6C-403B-8403-37276E8F6364}C:\users\antho\documents\logiciels et autres applications\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "UDP Query User{77E2DA1E-EF5F-45D2-9A89-F7B4C639BDF2}C:\users\antho\documents\logiciels et autres applications\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "TCP Query User{BCAF9AAE-45EE-4C58-B05F-79C1FDC8CCB0}C:\users\antho\program files\dna\btdna.exe"= UDP:C:\users\antho\program files\dna\btdna.exe:btdna.exe "UDP Query User{021CC62D-A463-4DBB-8AD5-58C6B649185E}C:\users\antho\program files\dna\btdna.exe"= TCP:C:\users\antho\program files\dna\btdna.exe:btdna.exe "TCP Query User{DB02C6CC-914C-4403-93FD-A5FFF31BCA68}C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe"= UDP:C:\program files\acronis rueimageconsole rueimageremoteconsole.exe:True Image Remote Console "UDP Query User{8CE30D40-894F-407B-9E7B-9688F67DE45C}C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe"= TCP:C:\program files\acronis rueimageconsole rueimageremoteconsole.exe:True Image Remote Console "TCP Query User{3D5C1F4A-F5A6-4CB1-A943-8300599EAFBC}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "UDP Query User{65F25515-EA6B-4F98-A19D-542C3D5ADD5F}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "TCP Query User{DB84317C-DB98-4AEC-B6F1-A4E17280F064}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0 "UDP Query User{C609A5E1-509B-48D2-88EC-37CAEEDEF07D}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0 "TCP Query User{6B4F1D6A-E864-419C-84E5-3D5DF6853790}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "UDP Query User{85E1D39A-F6E0-4AAB-BAD3-561C98E2D124}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "TCP Query User{0930AD54-DCB8-4862-B3AF-0E7090175125}C:\program files\opera\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{3F44E42A-930C-42DF-88CC-F66B8312C2E2}C:\program files\opera\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser "{6802CD02-E0C1-47B2-AF31-8637867F49A9}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{966EFDE7-0453-45F0-8C1B-61D7C49979D4}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{4E381DEF-8434-4CC4-8786-8E5953C99457}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{25EFF61B-BF19-4B9F-84E3-170358469854}C:\program files\phone\skype.exe"= Disabled:UDP:C:\program files\phone\skype.exe:Skype. Take a deep breath "UDP Query User{C72BDAC5-DA32-4EAA-8E29-054B2B6722F2}C:\program files\phone\skype.exe"= Disabled:TCP:C:\program files\phone\skype.exe:Skype. Take a deep breath "{2A99A101-D0E9-483E-BEE9-3C054D7C5B8F}"= UDP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{A48DB6EA-B739-452F-B394-F1E959A294EE}"= TCP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{661A2346-E86A-4112-B532-C0ED421FA844}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{1843B412-B58F-45F0-89CB-DE10C507F606}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{9346C052-B7CE-42F8-B09D-F78F303BFD07}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{6D82BDFA-5151-476E-836B-E813DA28C41D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{9368C9B5-0101-4FF1-AA87-00D840DBDBF9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{37519672-0D57-4FB8-90BA-1C602D884CE9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-05-28 18:49] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-05-28 18:49] R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12] R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe [2008-04-23 11:59] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot\SDWinSec.exe [2008-01-28 11:43] R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 15:46] R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS etr61.sys [2007-05-11 17:28] S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 05:10] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccd3e16-5701-11dc-8efb-00038a000015}] \shell\1\Command - autorun.pif \shell\2\Command - autorun.pif \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.pif [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ccd3e1b-5701-11dc-8efb-00038a000015}] \shell\AutoRun\command - K:\LaunchU3.exe -a *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-07 20:55:12 C:\Windows\Tasks\User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}.job" - C:\Windows\system32\msfeedssync.exe "2008-06-08 18:35:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

jlpjlp · Answer

pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

____________


Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :





File::
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL




Registry::


[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0243BC71-E8CF-4E60-83AC-710A53BF050E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2BFA2D-8F90-423F-A84F-FA0923BF25EE}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

patmoss · Answer

Puis-je le faire plus tard demain par exemple. Car là je ne pourrais pas. Je peut eteindre le PC ou le mettre en veille en attendant, qu'est-ce qui est préconiser? En tout cas merci pour tout. Au demarrage AntiVir avait détécté un virus dans C:/Combofix, est-ce normal?

jlpjlp · Answer

il faut désactiver antivir le temps de la procdure que tu peux faire demain ( donc tu peux eteindre le pc)

a plus

patmoss · Answer

ComboFix 08-06-05.3 - antho 2008-06-09 13:04:15.3 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.242 [GMT 2:00] Endroit: C:\Users\antho\Desktop\ComboFix.exe Command switches used :: C:\Users\antho\Desktop\CFscript.txt FILE :: C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . ---- Previous Run ------- . C:\Program Files\internet explorer\msimg32.dll C:\Windows\System32\abIRtCfe.ini C:\Windows\System32\abIRtCfe.ini2 C:\Windows\system32\awttRhGY.dll C:\Windows\system32\byXonnmL.dll C:\Windows\system32\f3PSSavr.scr C:\Windows\System32\fOpAaccf.ini C:\Windows\System32\fOpAaccf.ini2 C:\Windows\System32\IQBLRqru.ini C:\Windows\System32\IQBLRqru.ini2 C:\Windows\system32\jkkJyXRH.dll C:\Windows\system32\khfcbawW.dll C:\Windows\System32\kkklSvut.ini C:\Windows\System32\kkklSvut.ini2 C:\Windows\System32\KTtvuwEg.ini C:\Windows\System32\KTtvuwEg.ini2 C:\Windows\System32\LmnnoXyb.ini C:\Windows\System32\LmnnoXyb.ini2 C:\Windows\System32\PWvvCcfe.ini C:\Windows\System32\PWvvCcfe.ini2 C:\Windows\System32\rBehOXyb.ini C:\Windows\System32\rBehOXyb.ini2 C:\Windows\System32\rYFgMnnn.ini C:\Windows\System32\rYFgMnnn.ini2 C:\Windows\System32\vGiiRXbc.ini C:\Windows\System32\vGiiRXbc.ini2 C:\Windows\system32\yayaWPGY.dll C:\Windows\system32\YGPWayay.ini C:\Windows\System32\YGPWayay.ini2 . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))))))) . 2008-06-08 12:03 . 2008-06-08 19:41 d-------- C:\HijackThis 2008-06-08 11:01 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll 2008-06-08 10:01 . 2008-06-08 10:01 d-------- C:\Program Files\Microsoft.NET 2008-06-08 10:01 . 2008-06-08 10:01 d-------- C:\Program Files\HDDGURU LLF Tool 2008-06-08 09:51 . 2008-06-08 09:51 d-------- C:\Program Files\Microsoft Visual Studio 8 2008-06-08 09:47 . 2008-06-08 10:06 d-------- C:\Windows\SHELLNEW 2008-06-08 09:45 . 2008-06-08 11:08 d-------- C:\ProgramData\Microsoft Help 2008-06-08 09:03 . 2008-06-08 09:08 d-a------ C:\office 2007 2008-06-07 21:31 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-07 21:31 . 2008-03-08 06:21 1,695,744 --a------ C:\Windows\System32\gameux.dll 2008-06-07 17:49 . 2008-06-07 17:49 d-------- C:\Program Files\Hard Drive Inspector 2008-06-07 12:09 . 2008-06-07 19:59 d-------- C:\Program Files\PeerGuardian2 2008-06-07 11:08 . 2008-06-07 11:08 d-------- C:\Users\antho\AppData\Roaming\HDD Thermometer 2008-06-07 11:08 . 2008-06-07 11:08 d-------- C:\ProgramData\HDD Thermometer 2008-06-07 10:47 . 2008-06-07 10:47 d-------- C:\_OTMoveIt 2008-06-06 19:02 . 2008-06-06 19:02 d-------- C:\Users\antho\AppData\Roaming\Malwarebytes 2008-06-06 19:01 . 2008-06-06 19:01 d-------- C:\ProgramData\Malwarebytes 2008-06-06 18:02 . 2008-06-05 10:44 d-------- C:\SDFix 2008-06-06 17:53 . 2008-06-06 19:34 d-------- C:\VundoFix Backups 2008-06-06 17:14 . 2008-06-06 17:14 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-06-06 13:32 . 2008-06-06 21:32 d-------- C:\__eetemp 2008-06-05 22:21 . 2008-06-06 17:13 559 --a------ C:\Windows\wininit.ini 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Videos 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Searches 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Saved Games 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Pictures 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Links 2008-06-04 23:21 . 2008-06-04 23:21 dr------- C:\Windows\System32\config\systemprofile\Downloads 2008-06-04 21:50 . 2008-06-04 20:11 152,576 --a------ C:\Windows\System32\SPWizUI.dll 2008-06-04 21:50 . 2008-06-04 20:11 47,560 --a------ C:\Windows\System32\SPReview.exe 2008-06-04 21:24 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe 2008-06-04 21:24 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll 2008-06-04 21:22 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe 2008-06-04 21:20 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll 2008-06-04 21:20 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll 2008-06-04 21:18 . 2008-06-04 21:21 d-------- C:\Windows\A1C4EE2BDF144488BC8AF9336D588E97.TMP 2008-06-04 21:15 . 2008-01-18 23:35 4,495,360 --a------ C:\Windows\System32\NlsData0816.dll 2008-06-04 21:14 . 2008-01-18 23:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll 2008-06-04 21:13 . 2008-01-18 23:33 5,714,432 --a------ C:\Windows\System32\logon.scr 2008-06-04 21:11 . 2008-01-18 23:36 2,153,472 --a------ C:\Windows\System32\oobefldr.dll 2008-06-04 21:10 . 2008-01-18 23:33 2,927,104 --a------ C:\Windows\explorer.exe 2008-06-04 21:09 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll 2008-06-04 21:07 . 2008-01-18 23:33 3,216,896 --a------ C:\Windows\System32\WinSAT.exe 2008-06-04 21:05 . 2008-01-18 23:43 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys 2008-06-04 21:04 . 2008-01-18 23:32 691,200 --a------ C:\Windows\System32\TabletPC.cpl 2008-06-04 21:02 . 2008-01-18 23:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr 2008-06-04 21:01 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll 2008-06-04 21:00 . 2008-01-18 23:36 1,505,792 --a------ C:\Windows\System32\tquery.dll 2008-06-04 20:59 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll 2008-06-04 20:58 . 2008-01-18 21:28 226,816 --a------ C:\Windows\System32\drivers\udfs.sys 2008-06-04 20:58 . 2008-01-18 23:36 208,384 --a------ C:\Windows\System32\uDWM.dll 2008-06-04 20:58 . 2008-01-18 23:36 152,064 --a------ C:\Windows\System32\UIAutomationCore.dll 2008-06-04 20:58 . 2008-01-18 23:36 92,672 --a------ C:\Windows\System32\ufat.dll 2008-06-04 20:58 . 2008-01-18 23:36 89,088 --a------ C:\Windows\System32\txflog.dll 2008-06-04 20:58 . 2008-01-18 23:36 56,320 --a------ C:\Windows\System32\uexfat.dll 2008-06-04 20:58 . 2008-01-18 23:33 35,840 --a------ C:\Windows\System32\UI0Detect.exe 2008-06-04 20:58 . 2008-01-05 03:21 28,672 --a------ C:\Windows\System32\TsWpfWrp.exe 2008-06-04 20:58 . 2008-01-18 21:55 23,040 --a------ C:\Windows\System32\drivers\tunnel.sys 2008-06-04 20:58 . 2008-01-18 21:55 15,360 --a------ C:\Windows\System32\drivers\TUNMP.SYS 2008-06-04 20:25 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe 2008-06-04 20:11 . 2008-06-04 20:11 d-------- C:\96c2110d97d1b8b8abf446f4818453 2008-06-04 18:43 . 2008-06-04 18:52 d-------- C:\ProgramData\Spybot - Search & Destroy 2008-06-04 18:43 . 2008-06-08 19:21 d-------- C:\Program Files\Spybot 2008-06-03 20:21 . 2008-06-03 20:21 d-------- C:\Program Files\NeoSmart Technologies 2008-06-03 20:19 . 2008-06-03 20:20 d-------- C:\Program Files\Mz_CpuAcc 2008-06-03 20:17 . 2008-06-03 20:17 d-------- C:\Program Files\FreshDevices 2008-06-01 15:51 . 2008-06-04 20:09 d-------- C:\Program Files\Hard Disk Sentinel 2008-06-01 00:24 . 2008-06-01 00:24 d-------- C:\Program Files\Microsoft Silverlight 2008-06-01 00:05 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll 2008-05-31 21:30 . 2008-05-31 21:30 d-------- C:\ProgramData\TechSmith 2008-05-31 21:27 . 2008-05-31 21:27 d-------- C:\Program Files\TechSmith 2008-05-30 20:03 . 2008-05-30 20:03 d-------- C:\Program Files\AxBx 2008-05-29 21:51 . 2008-05-29 21:52 d-------- C:\Program Files\Windows Live Toolbar 2008-05-29 21:40 . 2008-05-29 21:40 d-------- C:\Windows\PCHEALTH 2008-05-29 21:40 . 2008-06-05 18:59 d-------- C:\Program Files\MSN Messenger 2008-05-29 21:18 . 2006-10-30 17:22 8,192 --a------ C:\Windows\System32\drivers\AtiPcie.sys 2008-05-29 19:05 . 2008-05-29 19:05 d-------- C:\Windows\Repair 2008-05-28 23:19 . 2007-07-04 00:16 1,820 --a------ C:\Windows\System32\rasctrnm.h 2008-05-28 23:04 . 2008-06-04 21:53 81,920 --a------ C:\Windows\SPInstall.etl 2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG2 2008-05-28 22:10 . 2008-06-04 18:42 0 --ah----- C:\Users\Default.LOG1 2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG2 2008-05-28 22:10 . 2008-05-28 22:10 0 --ah----- C:\ProgramData.LOG1 2008-05-28 20:01 . 2008-06-05 08:09 d-------- C:\Users\antho\AppData\Roaming\ESTsoft 2008-05-28 20:01 . 2008-05-28 20:02 d-------- C:\Program Files\ESTsoft 2008-05-28 19:42 . 2008-05-28 19:45 d-------- C:\Users\antho\AppData\Roaming\Notepad++ 2008-05-28 19:42 . 2008-05-28 19:42 d-------- C:\Program Files\Notepad++ 2008-05-28 19:31 . 2008-05-28 19:31 d-------- C:\Program Files\Intel 2008-05-28 18:28 . 2008-05-28 18:28 d-------- C:\Program Files\COMODO 2008-05-28 18:28 . 2008-05-28 18:49 76,280 --a------ C:\Windows\System32\drivers\cmdGuard.sys 2008-05-28 18:28 . 2008-05-28 18:49 24,568 --a------ C:\Windows\System32\drivers\cmdhlp.sys 2008-05-28 13:22 . 2006-10-25 19:09 758,352 --a------ C:\fwconfig.exe 2008-05-28 13:22 . 2006-10-25 19:09 131,072 --a------ C:\clicapi.dll 2008-05-26 21:49 . 2008-05-26 21:49 d-------- C:\ProgramData\Avira 2008-05-26 21:49 . 2008-05-26 21:49 d-------- C:\Program Files\Avira 2008-05-26 19:28 . 2008-05-26 20:23 81,984 --a------ C:\Windows\System32\bdod.bin 2008-05-25 14:42 . 2008-05-26 20:27 121 --a------ C:\Windows\bdagent.INI 2008-05-25 14:06 . 2008-05-26 20:30 d-------- C:\Program Files\BitDefender 2008-05-25 14:03 . 2008-05-26 20:30 d-------- C:\Program Files\Common Files\BitDefender 2008-05-25 13:59 . 2008-05-25 13:59 d-------- C:\Programas 2008-05-24 18:42 . 2007-12-15 18:35 1,626 --a------ C:\[u]0/u2B780B8.key 2008-05-24 14:06 . 2008-05-25 13:35 d-------- C:\ProgramData\Kaspersky Lab 2008-05-18 09:57 . 2008-05-18 09:57 d-------- C:\ProgramData\Kaspersky Lab Setup Files 2008-05-17 21:09 . 2008-05-18 09:04 171,136 -rahs---- C:\grldr 2008-05-17 08:37 . 2008-05-17 08:38 d-------- C:\Program Files\Opera 2008-05-16 09:00 . 2008-05-16 09:00 d-------- C:\ProgramData\eMule 2008-05-15 19:55 . 2008-05-15 19:55 d-------- C:\Program Files\BSD Concept 2008-05-15 12:42 . 2008-05-15 12:42 d-------- C:\Program Files\MagicISO 2008-05-14 22:11 . 2008-06-06 13:41 0 ---hs---- C:\Windows\S164E22E3.tmp 2008-05-14 22:06 . 2008-05-14 22:06 d-------- C:\Program Files\SlySoft 2008-05-11 13:03 . 2008-05-11 13:08 d-------- C:\Program Files\Common Files\Adobe 2008-05-09 16:29 . 2008-05-09 16:29 d-------- C:\Program Files\Ligos 2008-05-09 16:29 . 2000-06-23 14:05 136,704 --a------ C:\Windows\System32\iacenc.dll 2008-05-09 16:29 . 2000-06-22 13:09 56,320 --------- C:\Windows\System32\iyvu9_32.dll 2008-05-09 16:21 . 2008-05-09 16:21 d-------- C:\Program Files\MediaTV 2008-05-09 16:09 . 2008-05-11 09:54 d-------- C:\Program Files\DivXCodec . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-09 11:03 --------- d-----w C:\Users\antho\AppData\Roaming\DNA 2008-06-09 10:58 --------- d-----w C:\Users\antho\AppData\Roaming\DMCache 2008-06-09 10:53 --------- d-----w C:\Users\antho\AppData\Roaming\Skype 2008-06-08 18:33 --------- d-----w C:\Users\antho\AppData\Roaming\OpenOffice.org2 2008-06-08 17:21 --------- d-----w C:\Program Files\Internet Download Manager 2008-06-08 10:15 --------- d-----w C:\Users\antho\AppData\Roaming\Vista Start Menu 2008-06-08 09:43 --------- d-----w C:\Users\antho\AppData\Roaming\uTorrent 2008-06-08 08:10 --------- d-----w C:\Program Files\Microsoft Works 2008-06-08 08:09 --------- d-----w C:\Program Files\MSBuild 2008-06-08 06:42 --------- d-----w C:\Program Files\Common Files\L&H 2008-06-08 01:08 --------- d-----w C:\Program Files\Windows Mail 2008-06-07 21:26 --------- d-----w C:\ProgramData\Roxio 2008-06-07 20:45 24,306 ----a-w C:\Users\antho\AppData\Roaming\wklnhst.dat 2008-06-06 17:09 --------- d-----w C:\Program Files\PowerISO 2008-06-05 20:41 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-06-05 18:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-06-05 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-05 16:13 --------- d-----w C:\Program Files\Common Files\Acronis 2008-06-04 21:15 174 --sha-w C:\Program Files\desktop.ini 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Photo Gallery 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Collaboration 2008-06-04 20:52 --------- d-----w C:\Program Files\Windows Calendar 2008-06-04 20:51 --------- d-----w C:\Program Files\Windows Defender 2008-06-04 20:06 82,432 ----a-w C:\Windows\System32\axaltocm.dll 2008-06-04 20:06 101,888 ----a-w C:\Windows\System32\ifxcardm.dll 2008-06-01 18:41 --------- d-----w C:\Program Files\RALINK 2008-05-31 01:15 --------- d-----w C:\Program Files\Learning Essentials 2008-05-29 20:16 --------- d-----w C:\Program Files\ATI 2008-05-28 20:41 --------- d-----w C:\Users\antho\AppData\Roaming\Packard Bell 2008-05-28 16:49 139,008 ----a-w C:\Windows\System32\guard32.dll 2008-05-28 16:28 --------- d-----w C:\Users\antho\AppData\Roaming\Comodo 2008-05-26 17:51 --------- d-----w C:\Program Files\Symantec 2008-05-24 16:58 --------- d-----w C:\Program Files\Alwil Software 2008-05-24 16:56 --------- d-----w C:\Users\antho\AppData\Roaming\IDM 2008-05-16 06:55 --------- d-----w C:\Program Files\eMule 2008-05-01 07:34 --------- d-----w C:\ProgramData\Symantec 2008-04-26 09:49 --------- d-----w C:\Program Files\AOL 9.0 VR 2008-04-26 09:47 --------- d-----w C:\Users\antho\AppData\Roaming\LimeWire 2008-04-25 20:32 --------- d-----w C:\Program Files\Quicken 2008-04-25 20:06 --------- d-----w C:\Users\antho\AppData\Roaming\Systweak 2008-04-25 20:06 --------- d-----w C:\Program Files\Advanced System Optimizer 2008-04-25 19:51 --------- d-----w C:\Users\antho\AppData\Roaming\Application Data 2008-04-25 19:43 --------- d-----w C:\Program Files\Philips 2008-04-25 17:17 --------- d-----w C:\Program Files\Auralog 2008-04-25 10:02 --------- d-----w C:\Users\antho\AppData\Roaming\BSDh9 2008-04-24 18:44 --------- d---a-w C:\ProgramData\TEMP 2008-04-24 12:59 --------- d-----w C:\Users\antho\AppData\Roaming\iolo 2008-04-23 15:25 100,904 ----a-w C:\Users\antho\AppData\Roaming\GDIPFONTCACHEV1.DAT 2008-04-23 11:41 --------- d-----w C:\Program Files\SweetIM 2008-04-23 11:39 --------- d-----w C:\ProgramData\SweetIM 2008-04-23 08:24 --------- d-----w C:\ProgramData\Genie-Soft 2008-04-23 08:21 --------- d-----w C:\Program Files\Common Files\PX Storage Engine 2008-04-23 08:19 --------- d-----w C:\Program Files\Genie-Soft 2008-04-21 21:03 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-04-21 18:49 --------- d-----w C:\ProgramData\iolo 2008-04-14 17:56 --------- d-----w C:\Users\antho\AppData\Roaming\Simply Super Software 2008-04-14 17:56 --------- d-----w C:\ProgramData\Simply Super Software 2008-04-13 19:17 --------- d-----w C:\ProgramData\BVRP Software 2008-04-13 18:57 --------- d-----w C:\Users\antho\AppData\Roaming\Avanquest 2008-04-13 18:57 --------- d-----w C:\ProgramData\Avanquest 2008-04-13 18:45 --------- d-----w C:\Program Files\Avanquest 2008-04-13 09:55 74,703 ----a-w C:\Windows\System32\mfc45.dll 2008-04-12 10:14 --------- d-----w C:\Program Files\Microsoft Etudes 2008-04-10 19:09 --------- d--h--w C:\ProgramData\{A526BBD6-4321-4B38-BF34-B3C9B982DA32} 2008-04-10 18:58 --------- d-----w C:\ProgramData\{CFAB4006-0AE0-414D-866A-DCB2C46553CF} 2008-04-10 18:56 --------- d-----w C:\Program Files\Blaze Media Pro 2007-10-11 17:33 278,528 ----a-w C:\Program Files\Common Files\FDEUnInstaller.exe 2005-11-04 15:59 135,525 ----a-w C:\Program Files\Common Files\ReportPreview.app 2005-01-21 06:53 45,056 ------r C:\Program Files\SetAttrib.exe 2004-11-30 13:23 40,960 ------r C:\Program Files\delete.exe 2008-02-17 11:28 5 --sha-w C:\Windows\System32\afcfdcbd6_g.dll 2007-10-30 22:31 11,270 --sha-w C:\Windows\System32\KGyGaAvL.sys 2006-11-02 12:34 168,960 --sha-w C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16386_none_09330123522ea8c1\wmplayer.exe . ------- Sigcheck ------- . ((((((((((((((((((((((((((((( snapshot@2008-06-06_21.40.20.17 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-18 21:33:42 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll + 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll - 2008-01-18 21:33:42 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll + 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll - 2006-11-02 07:11:38 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll + 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll - 2008-01-18 21:33:42 459,264 ----a-w C:\Windows\AppPatch\AcSpecfc.dll + 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll - 2008-01-18 21:33:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll + 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll - 2007-10-28 17:15:38 110,592 ----a-w C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll + 2008-06-08 08:10:09 110,592 ----a-w C:\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll + 2008-06-08 08:10:15 4,608 ----a-w C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\extensibility.dll + 2008-06-08 08:09:59 1,215,328 ----a-w C:\Windows\assembly\GAC\IACore\1.7.6223.0__31bf3856ad364e35\IACore.dll + 2008-06-08 08:10:00 82,784 ----a-w C:\Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll + 2008-06-08 08:09:38 31,560 ----a-w C:\Windows\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\IPDMCTRL.DLL + 2008-06-08 08:10:07 8,007,680 ----a-w C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll + 2008-06-08 08:09:38 16,712 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Permission.dll + 2008-06-08 08:02:34 80,696 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll + 2008-06-08 08:06:15 1,612,592 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll + 2008-06-08 08:06:16 1,276,720 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll + 2008-06-08 08:06:16 150,320 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll + 2008-06-08 08:09:41 404,296 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.SemiTrust\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.SemiTrust.dll + 2008-06-08 08:06:24 88,896 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll + 2008-06-08 08:06:22 146,232 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll + 2008-06-08 08:08:54 17,208 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll + 2008-06-08 08:06:18 920,376 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll + 2008-06-08 08:06:19 35,648 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll + 2008-06-08 08:06:20 248,632 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll + 2008-06-08 08:06:20 232,248 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll + 2008-06-08 08:06:17 20,280 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll + 2008-06-08 08:06:21 781,104 ----a-w C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll + 2008-06-08 08:10:04 13,312 ----a-w C:\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll + 2008-06-08 08:06:16 371,496 ----a-w C:\Windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll + 2008-06-08 08:06:21 64,288 ----a-w C:\Windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll + 2008-06-08 08:06:18 416,544 ----a-w C:\Windows\assembly\GAC\Office\12.0.0.0__71e9bce111e9429c\OFFICE.DLL + 2008-06-08 08:02:26 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll + 2008-06-08 08:02:37 12,096 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll + 2008-06-08 08:07:25 12,096 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll + 2008-06-08 08:09:43 12,616 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll + 2008-06-08 08:09:41 12,616 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll + 2008-06-08 08:09:03 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll + 2008-06-08 08:08:54 12,632 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll + 2008-06-08 08:09:03 12,112 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll + 2008-06-08 08:09:24 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll + 2008-06-08 08:08:29 12,104 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll + 2008-06-08 08:09:33 12,096 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll + 2008-06-08 08:08:35 12,080 ----a-w C:\Windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll + 2008-06-08 08:08:34 11,544 ----a-w C:\Windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll + 2008-06-08 08:09:39 118,112 ----a-w C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.Interop.dll + 2008-06-08 08:10:35 367,400 ----a-w C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.InteropAdapter.dll + 2008-06-08 08:09:39 609,104 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Client.Internal.Host\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal.Host.dll + 2008-06-08 08:09:38 43,840 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll + 2008-06-08 08:09:42 39,728 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll + 2008-06-08 08:09:39 60,200 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll + 2008-06-08 08:09:57 211,736 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Adapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Adapter.dll + 2008-06-08 08:09:57 105,248 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.AddInManager\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.AddInManager.dll + 2008-06-08 08:09:55 330,520 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Blueprints\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Blueprints.dll + 2008-06-08 08:09:57 39,712 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll + 2008-06-08 08:09:58 39,704 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll + 2008-06-08 08:09:56 72,472 ----a-w C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll + 2008-06-08 08:09:58 47,832 ----a-w C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll + 2008-06-08 08:09:58 39,624 ----a-w C:\Windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll - 2008-06-06 19:23:57 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-09 10:32:59 67,584 --s-a-w C:\Windows\bootstat.dat + 2008-06-08 09:04:05 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe + 2008-06-08 09:04:06 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe + 2008-06-08 09:04:05 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe + 2008-06-08 09:04:06 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe + 2008-06-08 09:04:06 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe + 2008-06-08 09:04:06 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe + 2008-06-08 09:04:07 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe + 2008-06-08 09:04:06 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe + 2008-06-08 09:04:06 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe + 2008-06-08 09:04:06 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe + 2008-06-08 09:04:07 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe + 2008-06-08 09:04:05 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe + 2008-06-08 07:46:36 217,864 ----a-r C:\Windows\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe + 2008-06-07 19:49:27 32,768 ----a-r C:\Windows\Installer\{C523D256-313D-4866-B36A-F3DE528246EF}\icon.exe + 2008-06-08 18:23:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-06-08 18:23:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-06-06 19:24:46 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat + 2008-06-08 18:25:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat - 2008-06-06 19:24:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-06-08 18:25:52 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-06-08 18:25:52 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-06-06 15:27:45 1,672 ----a-w C:\Windows\SoftwareDistribution\EventCache\{8F66E85A-166A-4F9E-AB4D-C48795EABEF2}.bin + 2008-06-08 09:47:36 7,858 ----a-w C:\Windows\SoftwareDistribution\EventCache\{8F66E85A-166A-4F9E-AB4D-C48795EABEF2}.bin - 2008-06-06 17:13:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-06-09 10:53:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-06-06 17:13:44 98,304 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-06-09 10:53:36 98,304 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-06-06 17:13:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-06-09 10:53:36 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 1999-10-17 18:01:42 1,129,232 ----a-w C:\Windows\System32\FM20.DLL + 2006-10-26 12:10:08 1,190,688 ----a-w C:\Windows\System32\FM20.DLL - 1999-10-17 18:01:16 26,384 ----a-w C:\Windows\System32\FM20ENU.DLL + 2006-10-26 12:10:06 33,088 ----a-w C:\Windows\System32\FM20ENU.DLL - 2008-06-06 11:42:17 391,112 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-06-08 16:57:20 476,352 ----a-w C:\Windows\System32\FNTCACHE.DAT + 2008-02-27 03:50:08 189,704 ----a-w C:\Windows\System32\HDDSvc.exe - 2007-05-08 13:03:04 1,275,392 ----a-w C:\Windows\System32\msxml4.dll + 2007-08-24 16:08:24 1,275,392 ----a-w C:\Windows\System32\msxml4.dll - 2008-06-06 18:55:17 104,742 ----a-w C:\Windows\System32\perfc009.dat + 2008-06-08 18:36:16 104,940 ----a-w C:\Windows\System32\perfc009.dat - 2008-06-06 18:55:17 127,798 ----a-w C:\Windows\System32\perfc00C.dat + 2008-06-08 18:36:16 128,004 ----a-w C:\Windows\System32\perfc00C.dat - 2008-06-06 18:55:17 595,308 ----a-w C:\Windows\System32\perfh009.dat + 2008-06-08 18:36:16 595,506 ----a-w C:\Windows\System32\perfh009.dat - 2008-06-06 18:55:17 196,388 ----a-w C:\Windows\System32\perfh00C.dat + 2008-06-08 18:36:16 196,626 ----a-w C:\Windows\System32\perfh00C.dat - 1998-03-24 19:54:08 15,872 ----a-w C:\Windows\System32\SCP32.DLL + 2006-07-24 08:50:40 39,728 ----a-w C:\Windows\System32\SCP32.DLL - 2008-06-06 11:39:08 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat + 2008-06-08 01:09:33 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat + 2006-10-26 17:56:16 864,080 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\msonpdrv.dll + 2006-10-26 17:56:14 67,408 ----a-w C:\Windows\System32\spool\drivers\w32x86\3\msonpui.dll + 2006-10-26 17:56:16 864,080 ----a-w C:\Windows\System32\spool\drivers\w32x86\msonpdrv.dll + 2006-10-26 17:56:14 67,408 ----a-w C:\Windows\System32\spool\drivers\w32x86\msonpui.dll + 2006-10-26 17:56:12 33,104 ----a-w C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll - 1999-11-24 16:40:50 40,960 ----a-w C:\Windows\System32\VBAME.DLL + 2006-07-24 08:50:40 47,920 ----a-w C:\Windows\System32\VBAME.DLL - 2008-06-06 11:46:11 13,166 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3525442163-3756774792-3855537706-1002_UserData.bin + 2008-06-08 18:26:45 13,484 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3525442163-3756774792-3855537706-1002_UserData.bin - 2008-06-06 11:46:11 68,456 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-06-08 18:26:44 69,228 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-06-06 11:38:22 5,490 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat + 2008-06-08 11:36:54 5,490 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat - 2008-06-06 11:46:06 71,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-06-08 01:14:27 72,194 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-06-04 16:18:06 281,894 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-06-09 10:33:28 286,248 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2008-06-04 21:01:34 250,276,053 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-06-07 19:49:47 250,278,469 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin + 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll + 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll + 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll + 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll + 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll + 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll + 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll + 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll + 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll + 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll + 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll + 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll + 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll + 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll + 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll + 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll + 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll + 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll + 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll + 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll + 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll + 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll + 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll + 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll + 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll + 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll + 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll + 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll + 2008-04-16 00:49:12 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat + 2008-04-16 00:44:28 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat + 2008-04-16 00:44:37 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat + 2008-04-16 00:43:45 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-20 18:26 289088] "PCMService"="c:\Program Files\Powercinema\PCMService.exe" [2006-11-15 16:49 151552] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23 200704] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 12:11 81920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184] "VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-10-29 18:47 1682944] "SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 16:49 1092152] "Meteo Fusion"="C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe" [2007-04-12 13:01 294912] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-01-23 17:15 2577840] "Skype"="C:\Program Files\Phone\Skype.exe" [2007-09-13 13:31 22880040] "RunSpySweeperScheduleAtStartup"="C:\Windows\system32\msfeedssync.exe" [2008-01-18 23:33 12800] "MzCpuAccelerator"="C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe" [2008-05-29 00:15 159744] "SpybotSD TeaTimer"="C:\Program Files\Spybot\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 12:11 221184] "GBMPro8Agent"="C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 09:55 230016] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 21:21 57344] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-28 18:48 1481984] "HDInspector.exe"="C:\Program Files\Hard Drive Inspector\HDInspector.exe" [2008-03-26 18:22 1007368] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] C:\Users\antho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ FullShot 9.lnk - C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe [2007-07-04 01:00:00 3993600] OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2007-10-15 17:41:47 1585152] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"= 1 (0x1) "AllowUnhashedWebView"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoBandCustomize"= 0 (0x0) "NoMovingBands"= 0 (0x0) "NoCloseDragDropBands"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.avis"= ffvfw.dll "vidc.fvfw"= ffvfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2006-10-24 23:08 107112 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz] --a------ 2007-11-26 20:46 456072 C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng] --a------ 2008-01-29 17:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3525442163-3756774792-3855537706-1002] "EnableNotificationsRef"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{01E66E1C-3F58-4100-9979-969E84A0185F}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{7E6503D6-F74C-4404-B1D2-C5F5BFAA3F4C}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{46287467-9706-4F01-87B8-04F8E32FBF8E}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{68EECAC6-165F-4634-8DCF-3EF2D444A33F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{1809F410-608B-4960-8A0A-8EE63FCDD1E8}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL "{01955B9E-02AC-4CA0-9E1B-401FF76EDA0B}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL "{BD688FB9-3901-4073-A779-453A3F48E281}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{2E6E59BC-17D0-4C9F-88A9-260913C3B64F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{FD843E49-9219-4181-9B2D-836C7F552C04}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader "{E2CE24DB-1978-41EF-BE46-B742741D090D}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader "{581C3C69-E48E-440B-BCDC-736440C35946}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information "{5B4E6F60-A58C-4A40-99EB-C8078B8B3CA9}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information "{FDE4E33C-94E9-40AA-9ED4-C4057CDCF405}"= UDP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema "{59F25144-3256-4102-940E-7C16BBBE40AC}"= TCP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema "{E73B0411-5451-4930-AC79-C0D016568B1C}"= UDP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program "{C74E8417-8F17-4E34-B212-2C3AFE355A2C}"= TCP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program "{91DBBC18-3919-4F47-B3CA-457DC4B9E0C7}"= UDP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne "{74AE9E5F-5689-41AB-9A6F-E6D03E117267}"= TCP:C:\Windows\System32\WindowsAnytimeUpgrade.exe:Achat de mise à niveau en ligne "TCP Query User{07A95485-2F6E-4CE0-8053-0CC0A04051E4}C:\users\antho\documents\logiciels et autres applications\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "UDP Query User{8BBBA791-BA17-431D-A9FE-0DC0A29D4090}C:\users\antho\documents\logiciels et autres applications\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "TCP Query User{6A2D8392-0021-4BEF-BFB6-F9E638563201}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{6FA76C49-8162-44A3-92DC-14EB9B2BA6F7}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "{0C22D93B-237C-4F96-A5BB-70A4DFEE4EDA}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "{97492C02-5B44-4F5D-AFB0-605C6A2A9B87}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent "TCP Query User{37A804FE-AEFC-44DD-A9A6-36C14A337080}D:\emule, divx\emule.exe"= UDP:D:\emule, divx\emule.exe:eMule "UDP Query User{6632D0CD-0207-4DC5-B535-844EBBF9D289}D:\emule, divx\emule.exe"= TCP:D:\emule, divx\emule.exe:eMule "TCP Query User{6B7F931C-CD1C-4129-8275-075A30DEBA14}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule "UDP Query User{E353D420-15BC-4837-9CAB-065E359589B3}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule "TCP Query User{2F15F38A-4B46-48E3-8921-FF6FE6D0DFC1}C:\program files\dap\dap.exe"= UDP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP) "UDP Query User{B6CECE21-CD78-4D4C-A655-7324754C0290}C:\program files\dap\dap.exe"= TCP:C:\program files\dap\dap.exe:Download Accelerator Plus (DAP) "TCP Query User{5703F225-1E15-48AF-B1A4-94C64DE51EFC}C:\program files\gamespy arcade\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0 "UDP Query User{E102D4C9-31AC-4E12-B321-5BB85028DBFD}C:\program files\gamespy arcade\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.0 "TCP Query User{85C72ECC-4223-42B4-8FD0-098CB40C3810}C:\users\antho\downloads\emule\incoming\smiley's center pack.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe "UDP Query User{5DC80A59-8230-4D1E-93A2-8A4E498A6517}C:\users\antho\downloads\emule\incoming\smiley's center pack.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack.exe:smiley's center pack.exe "TCP Query User{C75FFE1D-25D9-436F-985D-E1FB04DB9111}C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe"= UDP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe "UDP Query User{BB43F992-B6E7-41D7-8C11-18DEF9AA53EF}C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe"= TCP:C:\users\antho\downloads\emule\incoming\smiley's center pack avatar.exe:smiley's center pack avatar.exe "{B52B2D78-8313-4D9D-9207-409385E90B8A}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{A03A8A84-55C9-4D98-89FB-2D4FF17FAE98}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA "{88C3B4D9-57B2-4C73-B30E-1B99F358899B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{A08C9179-3A45-4858-ADE5-9AF3878334D9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "TCP Query User{3A71837B-35D6-4379-AE96-F97E83202840}C:\users\antho\program files\bittorrent_dna\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "UDP Query User{2D83D689-E235-4C81-990F-9F37CC15C882}C:\users\antho\program files\bittorrent_dna\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "TCP Query User{51B2DD42-91F6-4C04-9BB5-675D05ED9126}C:\program files\kss\peertv\peercast.exe"= UDP:C:\program files\kss\peertv\peercast.exe:PeerCast "UDP Query User{6E97BDF2-FAB2-4E6A-B054-92F8C72D4307}C:\program files\kss\peertv\peercast.exe"= TCP:C:\program files\kss\peertv\peercast.exe:PeerCast "TCP Query User{873F9C4F-C846-445B-832A-263418F90C7B}C:\program files\pando networks\pando\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando "UDP Query User{A7E8F0C4-823E-4FE9-835B-C9C3C12A140F}C:\program files\pando networks\pando\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando "TCP Query User{DF59C06F-B5DE-4B3E-91B1-1A08CABD9313}C:\users\antho\program files\bittorrent_dna\dna.exe"= UDP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "UDP Query User{8C79AA92-2EA1-49D0-94D8-ADEA5E249222}C:\users\antho\program files\bittorrent_dna\dna.exe"= TCP:C:\users\antho\program files\bittorrent_dna\dna.exe:dna.exe "TCP Query User{3493BFB2-928E-482F-864F-CD93A687EF7F}C:\program files\bittorrent\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent "UDP Query User{45CDA921-4560-406D-9069-60D42022F657}C:\program files\bittorrent\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent "{D587302D-09DD-43B9-9A41-650B80DCCA73}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "{57FB543D-CC56-4A52-B0EC-5BC25ACCBDDC}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "TCP Query User{B818DD14-FA04-473E-91BB-B4DB118E0CE4}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent "UDP Query User{C7A621C3-F0D6-4C38-9312-74F29F76297A}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent "{A9FF4EEF-81E5-472B-BF29-EDF1A6E21584}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "{04BE99E0-11FB-4B1B-A929-3B4F001BACBB}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza "TCP Query User{965FAB58-D1E0-4FCF-8306-5732D844CFF5}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{E12C5356-75E2-4506-AE9A-440FD39764E1}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "TCP Query User{84087DB4-DA5B-43AF-A0CC-CC9F7CC226E9}C:\users\antho\program files\bittorrent\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "UDP Query User{C0F9C65E-2B48-4FAD-A3C4-10E03B031BEC}C:\users\antho\program files\bittorrent\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "TCP Query User{1EA8784C-D890-4410-B7F2-9A76E5480521}C:\users\antho\program files\bittorrent\bittorrent.exe"= UDP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "UDP Query User{63364818-7361-4227-9407-D97DBA1799B7}C:\users\antho\program files\bittorrent\bittorrent.exe"= TCP:C:\users\antho\program files\bittorrent\bittorrent.exe:bittorrent.exe "TCP Query User{F56E73AA-21E1-49B2-B47B-8B8969D3C3B2}C:\program files\limewire\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire "UDP Query User{15B978BF-686C-4370-BB6B-0EF15DAAD918}C:\program files\limewire\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire "{400FE3C7-136D-4019-81FE-FD5FBC2DF407}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{45651627-9F7B-4B5D-BA95-952807C491A1}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "TCP Query User{06FB6572-7F2A-4942-9100-E850B48B4F46}C:\program files\amsn\bin\wish.exe"= UDP:C:\program files\amsn\bin\wish.exe:Wish Application "UDP Query User{89C18C01-D10B-4E50-A0E4-5CD977C0C710}C:\program files\amsn\bin\wish.exe"= TCP:C:\program files\amsn\bin\wish.exe:Wish Application "{7CB965AD-DD8F-4761-AB07-159C89BF8BE3}"= Disabled:UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{759B9853-CB02-4ED5-9500-B2253BF1183F}"= Disabled:TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008 "{6722D139-34A5-4A31-8C05-570D1149A893}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{41D95863-086B-4981-9D6A-F42AFCAD6BBD}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "TCP Query User{636866E4-5E6C-403B-8403-37276E8F6364}C:\users\antho\documents\logiciels et autres applications\emule.exe"= UDP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "UDP Query User{77E2DA1E-EF5F-45D2-9A89-F7B4C639BDF2}C:\users\antho\documents\logiciels et autres applications\emule.exe"= TCP:C:\users\antho\documents\logiciels et autres applications\emule.exe:emule.exe "TCP Query User{BCAF9AAE-45EE-4C58-B05F-79C1FDC8CCB0}C:\users\antho\program files\dna\btdna.exe"= UDP:C:\users\antho\program files\dna\btdna.exe:btdna.exe "UDP Query User{021CC62D-A463-4DBB-8AD5-58C6B649185E}C:\users\antho\program files\dna\btdna.exe"= TCP:C:\users\antho\program files\dna\btdna.exe:btdna.exe "TCP Query User{DB02C6CC-914C-4403-93FD-A5FFF31BCA68}C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe"= UDP:C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe:True Image Remote Console "UDP Query User{8CE30D40-894F-407B-9E7B-9688F67DE45C}C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe"= TCP:C:\program files\acronis\trueimageconsole\trueimageremoteconsole.exe:True Image Remote Console "TCP Query User{3D5C1F4A-F5A6-4CB1-A943-8300599EAFBC}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "UDP Query User{65F25515-EA6B-4F98-A19D-542C3D5ADD5F}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "TCP Query User{DB84317C-DB98-4AEC-B6F1-A4E17280F064}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0 "UDP Query User{C609A5E1-509B-48D2-88EC-37CAEEDEF07D}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Internet Security 7.0 "TCP Query User{6B4F1D6A-E864-419C-84E5-3D5DF6853790}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "UDP Query User{85E1D39A-F6E0-4AAB-BAD3-561C98E2D124}C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup "TCP Query User{0930AD54-DCB8-4862-B3AF-0E7090175125}C:\program files\opera\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{3F44E42A-930C-42DF-88CC-F66B8312C2E2}C:\program files\opera\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser "{6802CD02-E0C1-47B2-AF31-8637867F49A9}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{966EFDE7-0453-45F0-8C1B-61D7C49979D4}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{4E381DEF-8434-4CC4-8786-8E5953C99457}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{25EFF61B-BF19-4B9F-84E3-170358469854}C:\program files\phone\skype.exe"= Disabled:UDP:C:\program files\phone\skype.exe:Skype. Take a deep breath "UDP Query User{C72BDAC5-DA32-4EAA-8E29-054B2B6722F2}C:\program files\phone\skype.exe"= Disabled:TCP:C:\program files\phone\skype.exe:Skype. Take a deep breath "{2A99A101-D0E9-483E-BEE9-3C054D7C5B8F}"= UDP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{A48DB6EA-B739-452F-B394-F1E959A294EE}"= TCP:C:\Users\antho\AppData\Roaming\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{661A2346-E86A-4112-B532-C0ED421FA844}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{1843B412-B58F-45F0-89CB-DE10C507F606}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{9346C052-B7CE-42F8-B09D-F78F303BFD07}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{6D82BDFA-5151-476E-836B-E813DA28C41D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{9368C9B5-0101-4FF1-AA87-00D840DBDBF9}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{37519672-0D57-4FB8-90BA-1C602D884CE9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) "DoNotAllowExceptions"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:22] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-05-28 18:49] R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-05-28 18:49] R1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\elrawdsk.sys [2007-09-20 14:12] R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe [2008-04-23 11:59] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot\SDWinSec.exe [2008-01-28 11:43] R3 R300;R300;C:\Windows

patmoss · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:18, on 09/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Phone\Skype.exe
C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32
otepad.exe
C:\Windows\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\HijackThis\Serfnn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [GBMPro8Agent] "C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}
O4 - HKCU\..\Run: [C:\Program Files\Advanced System Optimizer\wallpaper.exe  -minimize] wallpaper.exe  -minimize
O4 - HKCU\..\Run: [MzCpuAccelerator] "C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: FullShot 9.lnk = C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:  "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll" C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/ - C:\Windows\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

patmoss · Answer

Par contre il ne m'a pas été demandé type 1 or 2. Le scan s'est fait, et une fois terminé, ComboFix.txt c'est ouvert mais ni la barre des tâches, ni le fond d'écran y été -fond noir- alors j'ai relancé avec "explorer.exe" puis là réapparition de mon fond d'écran génial! Donc j'ai exécuté Hijackthis et voilà ; merci beaucoup! Est-ce fini?
Que dois je faire maintenant tout semble redevenu normal a par quelques ralentissements, j'ai nettoyé avec Ccleaner donc j'attends une réponse stp, merci.

jlpjlp · Answer

recolle un rapport hijackthis pour verifier


et colle un rapport avec antivir que tu as

patmoss · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:41, on 11/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Microsoft Works\WksDict.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Windows\system32\conime.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\HijackThis\Nhgddf.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [GBMPro8Agent] "C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}
O4 - HKCU\..\Run: [C:\Program Files\Advanced System Optimizer\wallpaper.exe  -minimize] wallpaper.exe  -minimize
O4 - HKCU\..\Run: [MzCpuAccelerator] "C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: FullShot 9.lnk = C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:  "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll" C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/ - C:\Windows\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe

patmoss · Answer

Avec Ccleaner j'ai fait réparer toutes les erreurs du registres il y en avait plus de 200. Alors je ne sais pas si c'est ça qui fait que sa ralentit, puis des fois les fenetre en cours ne répondent plus! Je ne sais pas mais Office 2007 je viens de l'installer et c'est lent car ça ouvre en "compatibility mode". Le scan de AntiVir est en cours. 
Pour HijackThis c'est bon?
Dois-je refaire un ComboFix ou pas?

jlpjlp · Answer

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)



j'attends antivir pour voir

patmoss · Answer

Dès qu'Antivir trouve un virus je fais quoi, je le mets en quarantaine?

patmoss · Answer

Avira AntiVir Personal Report file date: mercredi 11 juin 2008 20:58 Scanning for 1327179 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Save mode with network Username: antho Computer name: PC-DE-ANTHO Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 06:21:41 ANTIVIR3.VDF : 7.0.4.180 326144 Bytes 11/06/2008 17:22:52 Engineversion : 8.1.0.55 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.40 266618 Bytes 07/06/2008 07:32:53 AESCN.DLL : 8.1.0.21 119156 Bytes 07/06/2008 07:32:51 AERDL.DLL : 8.1.0.20 418165 Bytes 26/05/2008 19:57:00 AEPACK.DLL : 8.1.1.5 364918 Bytes 26/05/2008 19:56:58 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 26/05/2008 19:56:56 AEHEUR.DLL : 8.1.0.30 1253750 Bytes 07/06/2008 07:32:50 AEHELP.DLL : 8.1.0.15 115063 Bytes 29/05/2008 20:15:48 AEGEN.DLL : 8.1.0.28 307572 Bytes 07/06/2008 07:32:48 AEEMU.DLL : 8.1.0.6 430451 Bytes 26/05/2008 19:56:42 AECORE.DLL : 8.1.0.31 168310 Bytes 07/06/2008 07:32:47 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 11 juin 2008 20:58 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Opera.exe' - '1' Module(s) have been scanned Scan process 'unsecapp.exe' - '1' Module(s) have been scanned Scan process 'HelpPane.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 24 processes with 24 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '16' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Users\antho\AppData\Roaming\Thunderbird\Profiles\8zuk2mom.default\Mail\pop.gmail.com\Inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "eBay" ][Subject: tanthojj66, information importante sur les tari][Message-ID: <1137680900674.eBay.439864845.61552.0@reply3.eb]646.mim [1] Archive type: MIME --> file1.html [DETECTION] Contains suspicious code HEUR/HTML.Malware [WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted! C:\Users\antho\Desktop\ComboFix.exe [DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 [DETECTION] Contains detection pattern of the SPR/Tool.PV program [NOTE] The file was moved to '48bd2971.qua'! C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll [WARNING] The file could not be opened! C:\Windows\winsxs\Temp\PendingRenames\fdf95ac0c1cac8012902000084158417.axaltocm.dll [WARNING] The file could not be opened! End of the scan: mercredi 11 juin 2008 22:11 Used time: 1:13:19 min The scan has been done completely. 20796 Scanning directories 470998 Files were scanned 3 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 470995 Files not concerned 5416 Archives were scanned 4 Warnings 1 Notes

jlpjlp · Answer

tu as un mail infecté fais le menage dans thundirbird (venat de EBAY) C:\Users\antho\AppData\Roaming\Thunderbird\Profiles\8zuk2mom.default\Mail\pop.gmail.com\Inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "eBay" ][Subject: tanthojj66, information importante sur les tari][Message-ID: <1137680900674.eBay.439864845.61552.0@reply3.eb]646.mim [1] Archive type: MIME ________________ analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/ C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll

patmoss · Answer

Vous n'avez pas l'autorisation d'ouvrir ce fichier. Message d'erreur donc, pourtant c'est moi l'administrateur j'ai qu'une session d'ouverte. Je ne comprends pas?

patmoss · Answer

Alors, peut-tu m'aider car ce fichier me semble til ne m'appartient pas. Donc comment faire?

jlpjlp · Answer

télécharge OTMoveIt 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.  Ou sur  https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer. 
copie la liste qui se trouve en citation ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

Citation : 
C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll


clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 


88888888888888888

ENCORE DES SOUCIS,

patmoss · Answer

LoadLibrary failed for C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll
C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll NOT unregistered.
File move failed. C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll scheduled to be moved on reboot.
 
OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06122008_221359

Files moved on Reboot...
LoadLibrary failed for C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll
C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll NOT unregistered.
File move failed. C:\Windows\winsxs\Temp\PendingRenames\9a9168e7c1cac8012a02000084158417.ifxcardm.dll scheduled to be moved on reboot.

jlpjlp · Answer

encore des soucis?

http://www.commentcamarche.net/forum/affich 3549288 contenu des repertoires prefetch et winsxs

patmoss · Answer

Oui, c'est valable pour XP, j'ai pas bien compris ce qu'il faut faire c'est trop technique. De l'aide encore!

jlpjlp · Answer

utilise  pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html



___________

explique tes problemes actuels

patmoss · Answer

Je l'ai déjà Ccleaner, je répare 3 fois le registre de suite?
Sans installer la barre Yahoo? Quelle barre lors de l'installation (au quel cas cela ne me concerne pas)?

________________________________________

Mes problêmes actuels sont que d'une part mon PC chauffe anormalement vite,  et d'autre part, il arrive que  les fenêtre ou applications ne repondent pas (plus) et quand je clique un message apparaît avec arrêter le processus ou annuler (je crois) -et le fond est grisé et intouchable alors-. 

Je possède un PC portable, est-ce que JK defrag est conseillé pour défragmenter?
Car je défragmente avec celui-ci, en existe t-il un plus efficace?
Et puis est-ce que Vista Ultimate est possible pour une machine qui tourne en edition familiale basique (32 bits)?

Alors peut-tu m'aider? J'ai bel et bien desinstaller Symantec Norton Security. 
Et je sais déjà que mon fond écran à réapparu. Donc Combofix avec le CFScript à fonctionné. 
Ces problêmes proviennent-ils du mail infecté d'eBay?

patmoss · Answer

RAPPORT HIJACKTHIS ET LISTE DE MES PROGRAMMES (si cela peut t'aider à m'aider)

Logfile of HijackThis v1.99.1
Scan saved at 21:00:06, on 14/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Phone\Skype.exe
C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trialemoveit.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Microsoft Works\WksDict.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\Explorer.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\hijackthis\DErs323.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [GBMPro8Agent] "C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}
O4 - HKCU\..\Run: [C:\Program Files\Advanced System Optimizer\wallpaper.exe  -minimize] wallpaper.exe  -minimize
O4 - HKCU\..\Run: [MzCpuAccelerator] "C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblueegistrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [RemoveIT Pro XT] C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trialemoveit.exe
O4 - Startup: FullShot 9.lnk = C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
laapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
apinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs:  "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll" C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/ - C:\Windows\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Expérience audio-vidéo haute qualité Windows (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

LISTE DES PROGRAMMES (Ccleaner)

µTorrent
Adobe Reader 8.1.2
Advanced System Optimizer 2.10
ALZip
ATI Catalyst Control Center Ex
ATI Catalyst Install Manager
Avira AntiVir Personal &#8211; Free Antivirus
Blaze Media Pro
CCleaner (remove only)
CloneCD
COMODO Firewall Pro
Contenu Étudiant pour Les Indispensables Éducation
DNA
EasyBCD 1.7.2
eMule
EZ Photo Calendar Creator Plus
FreshUI
FullShot 9
Genie Backup Manager Pro 8.0
Gmail POP Troubleshooter
Google Desktop
Guitar Pro 5.2
Hard Disk Low Level Format Tool 2.36 build 1181
Hard Drive Inspector Professional 2.80 build # 464
HDReg France
HijackThis 1.99.1
Indeo® Software
Internet Download Manager
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 6
Les Indispensables Éducation pour Microsoft Office
LogonStudio Vista
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware
Meteo Fusion 1.5.9.11
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Encarta Maths
Microsoft Office Enterprise 2007
Microsoft Office Excel Viewer 2003
Microsoft Reader Text-to-Speech pour le français
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mise à jour Encarta_Les Indispensables Éducation
Mozilla Firefox (2.0.0.14)
Mozilla Thunderbird (2.0.0.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
Mz Cpu Accelerator
Notepad++
OpenOffice.org 2.4
Opera 9.27
PC SECURITY TEST 2008
PeerGuardian 2.0
Philips Gogear HDD08x
QVGDM Seconde Edition
Ralink Wireless LAN
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RemoveIT Pro v4 (Trial)
Roxio Activation Module
Roxio Creator 9 LE
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio DVD Info Pro
Roxio Express Labeler
RTC Client API v1.2
Skype&#8482; 3.5
SnagIt 8
Sony Sound Forge Audio Studio 9.0
Spybot - Search & Destroy
SweetIM for Messenger 2.5
SweetIM Toolbar for Internet Explorer 3.1
TELL ME MORE
TerraExplorer
TI Connect 1.6
Uniblue RegistryBooster 2
Vista Codec Package
Winamp
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
WinRAR archiver
Yahoo! Install Manager
Yahoo! Toolbar avec bloqueur de fenêtres pop-up

jlpjlp · Answer

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 


R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"


O8 - Extra context menu item: &Search - ?p=ZJfox000

____________________

scan avec 
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 
____________________


Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

&#61623;  Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean 
&#61623;  Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec 
&#61623;  Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
https://kerio.probb.fr/

patmoss · Answer

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 856

10:01:13 15/06/2008
mbam-log-6-15-2008 (10-01-13).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 197042
Temps écoulé: 1 hour(s), 25 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

jlpjlp · Answer

encore des problèmes? explique



Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

&#61623; Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
&#61623; Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
&#61623; Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
https://kerio.probb.fr/

patmoss · Answer

Script executed in Safe Mode 
Rapport clean par Malekal_morte - http://www.malekal.com 
Script executed in Safe Mode 15/06/2008 a 10:46:10,19 

Microsoft Windows [version 6.0.6000]
 
*** Suppression  C: 
 
*** Suppression  C:\Windows\ 
 
*** Suppression  C:\Windows\system32 
tentative de suppression de C:\Windows\system32\bdod.bin 
tentative de suppression de C:\Windows\system32\wininit.exe 
Impossible de supprimer C:\Windows\system32\wininit.exe  
tentative de suppression de C:\Windows\system32\wininit.exe 
Impossible de supprimer C:\Windows\system32\wininit.exe  
 
*** Suppression  C:\Program Files 
tentative de suppression de "C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll" 
tentative de suppression de "C:\Program Files\Viewpoint\" 
 
*** Deletion of the registry keys successful..

jlpjlp · Answer

encore des problèmes? explique

patmoss · Answer

Non, pour le moment ça à l'air d'aller mieux. 
Je t'avertirai d'ici peut si tant est que je constate une quelconque anomalie. 
Pour l'heure, merci beaucoup.

jlpjlp · Answer

pour virer ce que je t'ai fais utiliser:



Télécharge ToolsCleaner sur ton bureau. 
-->  http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-)

patmoss · Answer

Tools Cleaner2 ne fonctionne pas ou mal sous Vista. Puis, mon PC à toujours des soucis. 
D'une part je le lance donc "recherche" puis là un instant plus tard plus rien "Ne repond plus". Donc, impossible de processeder à cette suppression pour l'instant. 
Et d'autre par j'ai toujours des ralentissement, le curseur des fois s'arrête une vingtaine de secondes... 
Puis les programmes ne répondent plus etc... Je perd pas mal de temps.
Enfin, c'est déjà bien mieux qu'auparavant.
Alors comment remedier à tout cela?

jlpjlp · Answer

repare vista:

http://www.vista-xp.fr/forum/topic39.html

patmoss · Answer

J'ai pas le DVD, de plus je ne veux pas perdre mes donnés.
Comment faire?

jlpjlp · Answer

tu regarde dans ton manuel comment cré un DVD car il te sera toujours necessaire

patmoss · Answer

J'en ai marre, je ne sais plus que faire : mon PC chauffe anormalement vite et il y a toujours des soucis avec Office 2007, bref... J'ai 16 Go de libre sur 66.

J'ai bien lu mon bouquin fourni et suis aller sur le lien "forum vista...", le souci c'est je ne sais plus quoi executer après "diagnostic de mémoire", "réparer les erreurs de démarrage" et enfin "restauration -à un etat antérieur-".

Suite à cette restauration à une date antérieure, je ne peut plus activer AntiVir, j'ai fait les mises à jour d'AntiVir mais rien n'y fait. Donc, je te propose un scan d'Hijackthis. Ens esperant que tu puisse me venir en aide.

Logfile of HijackThis v1.99.1
Scan saved at 11:54:46, on 21/06/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Powercinema\PCMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Phone\Skype.exe
C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32undll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\hijackthis\DErs323.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [GBMPro8Agent] "C:\Program Files\Genie-Soft\GBMPro8\GBMAgent.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [HDInspector.exe] C:\Program Files\Hard Drive Inspector\HDInspector.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PCMService] "c:\Program Files\Powercinema\PCMService.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe"
O4 - HKCU\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Meteo Fusion] "C:\Program Files\Eggiz\Meteo Fusion\Meteo Fusion.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{75918A0B-DC7E-4F07-9959-955064C5C2E5}
O4 - HKCU\..\Run: [C:\Program Files\Advanced System Optimizer\wallpaper.exe  -minimize] wallpaper.exe  -minimize
O4 - HKCU\..\Run: [MzCpuAccelerator] "C:\Program Files\Mz_CpuAcc\MzCpuAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O4 - Startup: FullShot 9.lnk = C:\Program Files\Inbit\FullShot 9\FULLSHOT.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32
laapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
apinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs:  "C:\PROGRA~1\Google\Google Desktop Search\GoogleDesktopNetwork3.dll" C:\Windows\system32\guard32.dll
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal &#8211; Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/ - C:\Windows\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Expérience audio-vidéo haute qualité Windows (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

jlpjlp · Answer

regarde ici peut etre que la manip est la meme pour reparer packard bell

http://www.commentcamarche.net/forum/affich 4023251 restauration smart restore packard bell

Trojan TR/Crypt.XPACK.GEN

50 réponses

Discussions similaires