Aide pour enlever Xp Antivirus 2008

michou214 Messages postés 3 Date d'inscription   Statut Membre Dernière intervention   -  
zezef Messages postés 21 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
Est-ce que vous pourriez m'aider a enlever Xp Antivirus 2008.
J'ai deja regarder comment on pouvait faire pour l'enlever mais il n'est pas encore parti.
Les methodes que j'ai essaier sont:

Afficher les fichiers caché. Redemmarre en mode sans echec. Supprimer les fichiers de Xp Antivirus 2008 apres avoir lancer une recherche.

En utilisant RogueRemover mais ca n'a pas focntionner.

Est-ce qu'il y a une autre solution?
Merci beaucoup.
A voir également:

12 réponses

Réponse 1 / 12
jlpjlp Messages postés 51580 Date d'inscription   Statut Contributeur sécurité Dernière intervention   5 040
 
slt,




télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

___________

colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes.
1
PB
 
Bravo et merci.
Ça très bien fonctionné pour moi.
0
Réponse 2 / 12
weetabix40 Messages postés 9583 Date d'inscription   Statut Contributeur Dernière intervention   1 724
 
Salut,
XP antivirus 2008 est un Virus.
As tu un antivirus et un Antispyware ?
0
Réponse 3 / 12
michou214 Messages postés 3 Date d'inscription   Statut Membre Dernière intervention  
 
Ok je vais vite le faire et dans mon prochain poste je mets les rapports.
0
Réponse 4 / 12
michou214
 
Bonjour.
Precision je suis sur mon portable et c'est mon ordi fixe qui a le probleme ^d'XP Antivirus.

Voila j'ai fait ce qu'il fallait avec combofix mais j'ai eu un probleme. Je vais decrire ce qui s'est passé.

J'ai bien tout fermer les pare feux, etc et j'ai lancer comboFix.
Arriver a l'etape ou il redemmarre l'ordi, il a buguer. J'ai donc eteins moi meme l'ordi puis rallumer.
L'ordinateur s'allumait correctement (mais pas encore toutes les fonctions pretes) et comboFix est reapparu mais il ne bougeait plus. L'ordi a buguer a ce moment la. Je l'ai donc redemarrer et la un probleme est survenu.
Un fichier de windows etait endommager.

Voila le nouveau probleme. Pour le reparer il me dise qu'il faut reinstaller le fichier mais je n'ose pas tout trafficoter dans le systeme de windows.

Vous pourriez m'aider parce que l'ordi ne fonctionne plus.

(Si il le faut je peux dire quel est le fichier manquant)

Merci beaucoup.
0
jlpjlp Messages postés 51580 Date d'inscription   Statut Contributeur sécurité Dernière intervention   5 040
 
repare windows comme ceci:
https://www.pcastuces.com/pratique/windows/xp/default.htm


ou comme ceci:
http://www.informatruc.com/reparer-windows-xp/
0
michou214 > jlpjlp Messages postés 51580 Date d'inscription   Statut Contributeur sécurité Dernière intervention  
 
Merci mais je crois que c'est encore plus grave. Si je faisais une video de l'ordi quand il demarre tu crois que ca pourrait t'aider a m'aider?

Et vu que je suis pas tres fort en informatique au niveau du systeme de l'ordi je n'ose pas faire trop de truc.
0
jlpjlp Messages postés 51580 Date d'inscription   Statut Contributeur sécurité Dernière intervention   5 040 > michou214
 
tu suis les manuel en 6 et tu devrais y arriver!
0
michou214 > jlpjlp Messages postés 51580 Date d'inscription   Statut Contributeur sécurité Dernière intervention  
 
Ok je vais essaier mais d'abord je vais me documenter sur les termes techniques.
Je te tiens au courant je pense le faire demain soir.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
yvan et yvette Messages postés 5 Date d'inscription   Statut Membre Dernière intervention  
 
bonjour je suis plutot novice je sais pas comment me debarasser d'xp antivirus ,
0
Réponse 6 / 12
flo
 
Slt yv yv
commences par passer et nettoyer avec malwarebytes et dit ce qu' il a trouvé
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 7 / 12
YRT
 
ComboFix 08-09-22.03 - Yves RUINAT 2008-09-23 19:20:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.224 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Yves RUINAT\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\exefld
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\winhelp.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.

2008-09-23 19:13 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-23 19:12 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-09-23 19:11 . 2001-08-23 17:46 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-09-23 19:10 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-09-23 19:09 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-23 19:08 . 2008-04-14 04:07 2,067,968 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-09-23 19:07 . 2002-08-30 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-09-23 19:06 . 2002-08-30 14:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-09-23 19:05 . 2002-08-30 14:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-09-23 19:04 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-23 19:03 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-23 19:02 . 2002-08-30 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-23 19:01 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-23 19:00 . 2001-08-23 17:46 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2008-09-23 18:59 . 2008-09-23 19:13 <REP> d-------- C:\WINDOWS\LastGood
2008-09-23 18:39 . 2008-09-23 18:45 74,505 --a------ C:\Program Files\Zeb-Restore.zip
2008-09-23 18:21 . 2008-09-23 18:21 4,627,688 --a------ C:\Program Files\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
2008-09-23 09:59 . 2008-09-23 10:00 <REP> d-------- C:\Program Files\SAV
2008-09-23 09:59 . 2008-09-23 09:59 125,956 --a------ C:\WINDOWS\system32\msxml71.dll
2008-09-23 08:53 . 2008-09-23 09:41 <REP> d-------- C:\Program Files\NOS
2008-09-23 08:53 . 2008-09-23 09:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-12 18:03 . 2008-09-12 18:03 1,409 --a------ C:\WINDOWS\system32\tmpDD232.FOT
2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 19:45 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-27 19:44 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 06:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-23 06:19 --------- d-----w C:\Program Files\HOTALBUMMyBOX
2008-09-16 17:21 --------- d-----w C:\Program Files\POB13_la_mer
2008-09-16 16:57 --------- d-----w C:\Program Files\POB14_peint
2008-09-12 17:51 --------- d-----w C:\Program Files\McAfee
2008-08-13 17:59 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys
2008-08-13 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 17:59 --------- d-----w C:\Program Files\CASIO
2008-08-04 17:21 --------- d-----w C:\Program Files\Sun
2008-08-04 17:20 --------- d-----w C:\Program Files\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-09 12:50 59,163,944 ----a-w C:\Program Files\iTunesSetup.exe
2008-01-26 12:07 14,647,309 ----a-w C:\Program Files\x-3gp-video-converter.exe
2007-11-19 19:04 87,608 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\ezpinst.exe
2007-11-19 19:04 47,360 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\pcouffin.sys
2005-04-28 17:22 7,741,352 ----a-w C:\Program Files\DivX521XP2K.exe
2005-03-28 12:29 299,352 ----a-w C:\Program Files\Windows-KB890830-V1.2-FRA.exe
2005-03-19 08:34 2,197,663 ----a-w C:\Program Files\VELUXCADCH_FR.exe
2005-04-28 17:22 56 --sh--r C:\WINDOWS\system32\B984232DD5.sys
2007-03-17 14:21 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-05 36904]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Antivirus"="C:\Program Files\SAV\sav.exe" [2008-09-23 404992]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
--------- 2003-06-23 15:33 1171456 C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 31435]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 32232]
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-13 15172]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 9939]
R2 as260n;as260n;C:\WINDOWS\system32\drivers\as260n.sys [1997-12-31 176352]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2003-05-30 39996]
S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c35aefa-a3d0-11da-a200-4d6564696130}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6434ee5e-af9e-11dc-a66d-000c6e7950d7}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Microsoft--Updates - sxvhost.exe
HKLM-RunServices-Microsoft--Updates - sxvhost.exe
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
SSODL-Web Event Logger-{79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Yves RUINAT\Application Data\Mozilla\Firefox\Profiles\napn00h4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.free.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 19:24:20
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
Heure de fin: 2008-09-23 19:28:04
ComboFix-quarantined-files.txt 2008-09-23 17:27:00

Avant-CF: 10ÿ451ÿ492ÿ864 octets libres
Après-CF: 10,926,366,720 octets libres

169 --- E O F --- 2008-09-09 18:22:12
0
Réponse 8 / 12
YRT
 
ComboFix 08-09-22.03 - Yves RUINAT 2008-09-23 19:20:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.224 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Yves RUINAT\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\exefld
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\winhelp.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 ))))))))))))))))))))))))))))))))))))
.

2008-09-23 19:13 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-23 19:12 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-09-23 19:11 . 2001-08-23 17:46 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-09-23 19:10 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-09-23 19:09 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-23 19:08 . 2008-04-14 04:07 2,067,968 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-09-23 19:07 . 2002-08-30 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-09-23 19:06 . 2002-08-30 14:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-09-23 19:05 . 2002-08-30 14:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-09-23 19:04 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-23 19:03 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-23 19:02 . 2002-08-30 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-23 19:01 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-23 19:00 . 2001-08-23 17:46 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll
2008-09-23 18:59 . 2008-09-23 19:13 <REP> d-------- C:\WINDOWS\LastGood
2008-09-23 18:39 . 2008-09-23 18:45 74,505 --a------ C:\Program Files\Zeb-Restore.zip
2008-09-23 18:21 . 2008-09-23 18:21 4,627,688 --a------ C:\Program Files\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
2008-09-23 09:59 . 2008-09-23 10:00 <REP> d-------- C:\Program Files\SAV
2008-09-23 09:59 . 2008-09-23 09:59 125,956 --a------ C:\WINDOWS\system32\msxml71.dll
2008-09-23 08:53 . 2008-09-23 09:41 <REP> d-------- C:\Program Files\NOS
2008-09-23 08:53 . 2008-09-23 09:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-12 18:03 . 2008-09-12 18:03 1,409 --a------ C:\WINDOWS\system32\tmpDD232.FOT
2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\system32\fr
2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\l2schemas
2008-08-27 19:45 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-27 19:44 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 06:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-23 06:19 --------- d-----w C:\Program Files\HOTALBUMMyBOX
2008-09-16 17:21 --------- d-----w C:\Program Files\POB13_la_mer
2008-09-16 16:57 --------- d-----w C:\Program Files\POB14_peint
2008-09-12 17:51 --------- d-----w C:\Program Files\McAfee
2008-08-13 17:59 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys
2008-08-13 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 17:59 --------- d-----w C:\Program Files\CASIO
2008-08-04 17:21 --------- d-----w C:\Program Files\Sun
2008-08-04 17:20 --------- d-----w C:\Program Files\Java
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-09 12:50 59,163,944 ----a-w C:\Program Files\iTunesSetup.exe
2008-01-26 12:07 14,647,309 ----a-w C:\Program Files\x-3gp-video-converter.exe
2007-11-19 19:04 87,608 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\ezpinst.exe
2007-11-19 19:04 47,360 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\pcouffin.sys
2005-04-28 17:22 7,741,352 ----a-w C:\Program Files\DivX521XP2K.exe
2005-03-28 12:29 299,352 ----a-w C:\Program Files\Windows-KB890830-V1.2-FRA.exe
2005-03-19 08:34 2,197,663 ----a-w C:\Program Files\VELUXCADCH_FR.exe
2005-04-28 17:22 56 --sh--r C:\WINDOWS\system32\B984232DD5.sys
2007-03-17 14:21 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 40960]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-05 36904]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Antivirus"="C:\Program Files\SAV\sav.exe" [2008-09-23 404992]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 C:\WINDOWS\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
--------- 2003-06-23 15:33 1171456 C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 31435]
R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 32232]
R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-13 15172]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 9939]
R2 as260n;as260n;C:\WINDOWS\system32\drivers\as260n.sys [1997-12-31 176352]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ]
S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2003-05-30 39996]
S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c35aefa-a3d0-11da-a200-4d6564696130}]
\Shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6434ee5e-af9e-11dc-a66d-000c6e7950d7}]
\Shell\AutoRun\command - H:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Microsoft--Updates - sxvhost.exe
HKLM-RunServices-Microsoft--Updates - sxvhost.exe
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
SSODL-Web Event Logger-{79FEACFF-FFCE-815E-A900-316290B5B738} - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Yves RUINAT\Application Data\Mozilla\Firefox\Profiles\napn00h4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.free.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 19:24:20
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
Heure de fin: 2008-09-23 19:28:04
ComboFix-quarantined-files.txt 2008-09-23 17:27:00

Avant-CF: 10ÿ451ÿ492ÿ864 octets libres
Après-CF: 10,926,366,720 octets libres

169 --- E O F --- 2008-09-09 18:22:12
0
Réponse 9 / 12
jlpjlp Messages postés 51580 Date d'inscription   Statut Contributeur sécurité Dernière intervention   5 040
 
cré ton propre post
0
Réponse 10 / 12
zezef Messages postés 21 Date d'inscription   Statut Membre Dernière intervention   11
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:16, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600) VOILA MON RAPPORT
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\drv online.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [BiAIiRMPle] C:\Documents and Settings\All Users\Application Data\hybenqjg\jqzklidc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15027/CTPID.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
Réponse 11 / 12
zezef Messages postés 21 Date d'inscription   Statut Membre Dernière intervention   11
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:16, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600) VOILA MON RAPPORT
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\drv online.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [BiAIiRMPle] C:\Documents and Settings\All Users\Application Data\hybenqjg\jqzklidc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15027/CTPID.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
Réponse 12 / 12
zezef Messages postés 21 Date d'inscription   Statut Membre Dernière intervention   11
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:16, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600) VOILA MON RAPPORT
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - Software - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\drv online.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [BiAIiRMPle] C:\Documents and Settings\All Users\Application Data\hybenqjg\jqzklidc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - Software - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15027/CTPID.cab
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0

Discussions similaires

Comment désactiver le mode sécurisé de la Freebox POP.
Cycy -
bazfile -

18 réponses
Retirer le mode sécurisé sur l'écran de la TV connectée Free
beatrice -
baladur13 -

1 réponse
" Échec de l'analyse antivirus " la solution.
bazfile -
bazfile -

0 réponse