Recherche google impossible, ralentissement..

MySt -  
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,
Je n'arrive plus a faire aucune recherche google, et la plupart des sites me sont inaccessibles.Quand je veux faire une recherche, ca m'affiche "en attente de google.fr...". Ce n'est pas lié a firefox, j'ai essayé plusieurs explorers.
C'est peut-être dû a des scripts msn que j'ai dl.
J'ai fait un scan avira antivir qui n'a rien donné de concret.
Aussi, je ne sais pas si ça a un rapport, mais au démarrage un message d'erreur s'affiche avec marqué que le fichier sapfcrcw.dll est introuvable dans system32.

Enfin, passons au log hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:57, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LDLC\ACU.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\system32\opnkhhgf.dll
O2 - BHO: (no name) - {4E5A0734-5C51-4D34-863A-B08F6112DE96} - C:\WINDOWS\system32\qoMDTjhg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {b9e479d5-7606-fdc8-3b04-dfdbdb2e432a} - {a234e2bd-bdfd-40b3-8cdf-60675d974e9b} - C:\WINDOWS\system32\mmyismto.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\LDLC\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [f0d77614] rundll32.exe "C:\WINDOWS\system32\sapfcrcw.dll",b
O4 - HKLM\..\Run: [BMf3e44588] Rundll32.exe "C:\WINDOWS\system32\iinjykvm.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8521E5C7-BFC8-49C4-B964-702319CD9488}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: opnkhhgf - C:\WINDOWS\SYSTEM32\opnkhhgf.dll
O23 - Service: LDLC Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: netpker - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
A voir également:

12 réponses

Réponse 1 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut,

tu es infecté par vundo...

Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt)

puis

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post egalement un nouveau rapport hijack this stp

@+
0
Réponse 2 / 12
MySt
 
Merci de ton aide,

J'ai lancé fixwareout avec succès. je n'ai pas senti de changements après. Cependant j'ai perdu le log, il semble pas s'etre enregistré, et j'ai lancé combofix direct et ce dernier a reboot apres scan.
maintenant google et les autres sites ne me boudent plus :-).

Je post qd meme le rapport combofix:


ComboFix 08-06-12.2 - Admin 2008-06-15 18:01:31.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1501 [GMT 2:00]
Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf3e44588.xml
C:\WINDOWS\config.ini
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\msnimport.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\eruixvvh.ini
C:\WINDOWS\system32\ghjTDMoq.ini
C:\WINDOWS\system32\ghjTDMoq.ini2
C:\WINDOWS\system32\godmtadq.ini
C:\WINDOWS\system32\iinjykvm.dll
C:\WINDOWS\system32\imlvhnhs.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmyismto.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\opnkhhgf.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pdybmxnm.dll
C:\WINDOWS\system32\qdatmdog.dll
C:\WINDOWS\system32\qoMDTjhg.dll
C:\WINDOWS\system32\ryfrfhjg.ini
C:\WINDOWS\system32\sfmmtipc.dll
C:\WINDOWS\system32\uxafswis.dll
C:\WINDOWS\system32\wcrcfpas.ini
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\wjqxcoxx.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-15 to 2008-06-15 ))))))))))))))))))))))))))))))))))))
.

2008-06-15 17:48 . 2008-06-15 17:57 <REP> d-------- C:\fixwareout
2008-06-15 15:30 . 2008-06-15 15:30 <REP> d-------- C:\Program Files\Trend Micro
2008-06-14 02:09 . 2008-06-14 02:09 <REP> d-------- C:\Documents and Settings\Admin\Application Data\GarageGames
2008-06-14 01:20 . 2008-06-14 01:20 <REP> d-------- C:\Program Files\Opera
2008-06-12 17:19 . 2008-06-12 17:19 <REP> d-------- C:\Documents and Settings\NetworkService\Mes documents
2008-06-12 17:18 . 2008-06-15 14:33 <REP> d-------- C:\WINDOWS\system32\netrax01
2008-06-12 17:18 . 2008-06-12 17:18 <REP> d-------- C:\temp\itmp4
2008-06-12 01:16 . 2008-06-12 01:16 <REP> d-------- C:\Program Files\Total Video Converter
2008-06-11 21:38 . 2008-06-11 21:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-06-11 21:38 . 2008-06-11 21:38 <REP> d-------- C:\Documents and Settings\Admin\Application Data\AVS4YOU
2008-06-11 21:37 . 2008-06-11 21:37 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-06-11 21:37 . 2008-06-11 21:37 <REP> d-------- C:\Program Files\AVS4YOU
2008-06-11 21:37 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-06-11 21:37 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2008-06-11 21:37 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-06-11 02:22 . 2008-06-11 16:52 <REP> d-------- C:\Program Files\SplitCam
2008-06-11 02:10 . 2008-06-15 15:08 <REP> d-------- C:\Program Files\MessengerDiscovery
2008-06-08 15:10 . 2008-06-08 15:10 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Viewpoint
2008-05-27 17:42 . 2008-06-08 15:06 <REP> d-------- C:\WINDOWS\nvidia icons
2008-05-27 17:42 . 2008-05-03 05:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-05-26 22:14 . 2008-05-26 22:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-26 01:18 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-05-26 01:18 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-05-26 01:18 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-05-26 01:18 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-05-26 01:18 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-05-26 01:18 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-05-26 00:49 . 2008-05-26 00:49 <REP> d-------- C:\Program Files\Funcom
2008-05-26 00:49 . 2008-05-26 00:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-25 03:16 . 2008-05-25 03:16 <REP> d-------- C:\Movies
2008-05-25 03:16 . 2008-05-25 03:16 <REP> d-------- C:\directx
2008-05-25 03:16 . 2008-05-25 03:17 641,307,350 --a------ C:\9.dat.partial
2008-05-25 03:16 . 2008-05-25 03:17 55,943,504 --a------ C:\data-de.exe.partial
2008-05-25 03:16 . 2008-05-25 03:16 55,942,416 --a------ C:\data-fr.exe.partial
2008-05-25 03:16 . 2008-05-25 03:16 55,941,896 --a------ C:\data-es.exe.partial
2008-05-25 03:16 . 2008-05-25 03:16 55,940,328 --a------ C:\data-en.exe.partial
2008-05-25 03:16 . 2008-05-25 03:16 95,472 --a------ C:\setup.exe.partial
2008-05-25 03:16 . 2008-05-25 03:16 1,110 --a------ C:\setup.dat.partial
2008-05-25 03:14 . 2008-05-25 03:17 990,497,682 --a------ C:\19.dat.partial
2008-05-25 03:14 . 2008-05-25 03:17 823,260,709 --a------ C:\20.dat.partial
2008-05-25 03:14 . 2008-05-25 03:17 249,832,645 --a------ C:\2.dat.partial
2008-05-25 03:13 . 2008-05-25 03:17 1,043,815,156 --a------ C:\18.dat.partial
2008-05-25 03:13 . 2008-05-25 03:17 1,013,305,442 --a------ C:\17.dat.partial
2008-05-25 03:13 . 2008-05-25 03:17 751,547,311 --a------ C:\16.dat.partial
2008-05-25 03:13 . 2008-05-25 03:17 681,577,211 --a------ C:\15.dat.partial
2008-05-25 03:13 . 2008-05-25 03:16 599,686,024 --a------ C:\14.dat.partial
2008-05-25 03:12 . 2008-05-25 03:17 687,281,147 --a------ C:\11.dat.partial
2008-05-25 03:12 . 2008-05-25 03:16 646,879,264 --a------ C:\10.dat.partial
2008-05-25 03:12 . 2008-05-25 03:17 609,204,688 --a------ C:\13.dat.partial
2008-05-25 03:12 . 2008-05-25 03:17 588,906,175 --a------ C:\12.dat.partial
2008-05-25 03:12 . 2008-05-25 03:14 169,915,504 --a------ C:\1.dat.partial
2008-05-19 22:45 . 2008-05-21 21:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-19 22:31 . 2008-05-19 22:33 <REP> d-------- C:\Program Files\TmNationsForever
2008-05-17 14:42 . 2008-05-17 14:42 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-15 21:22 . 2008-05-21 19:06 230 --a------ C:\config.xml
2008-05-15 20:43 . 2008-05-15 20:43 <REP> d-------- C:\Program Files\Microsoft Research

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 16:07 --------- d-----w C:\Program Files\Steam
2008-06-11 00:22 13,824 ----a-w C:\WINDOWS\system32\drivers\splitcam.sys
2008-06-11 00:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 12:36 --------- d-----w C:\Documents and Settings\Admin\Application Data\Free Download Manager
2008-06-08 12:23 --------- d-----w C:\Documents and Settings\Admin\Application Data\FileZilla
2008-06-08 12:15 --------- d-----w C:\Program Files\FileZilla Client
2008-06-02 20:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-05-21 18:16 --------- d-----w C:\Documents and Settings\Admin\Application Data\teamspeak2
2008-05-20 23:32 --------- d-----w C:\Program Files\Guitar Pro 5
2008-05-20 23:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\Azureus
2008-05-20 18:47 --------- d-----w C:\Program Files\Java
2008-05-17 12:43 --------- d-----w C:\Program Files\Windows Live
2008-05-17 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-10 14:10 --------- d-----w C:\Program Files\7-Zip
2008-05-03 03:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-05-01 13:35 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-01 13:33 --------- d-----w C:\Program Files\Reality Pump
2008-04-27 14:43 --------- d-----w C:\Program Files\VstPlugins
2008-04-27 14:43 --------- d-----w C:\Program Files\Image-Line
2008-04-27 14:42 --------- d-----w C:\Program Files\Outsim
2008-04-21 14:30 --------- d-----w C:\Program Files\Audiosurf
2008-04-21 13:56 --------- d-----w C:\Program Files\Fiddler2
2008-03-30 22:24 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2007-12-05 15:56 22,328 -c--a-w C:\Documents and Settings\Admin\Application Data\PnkBstrK.sys
2007-11-07 23:04 54 -c--a-w C:\Program Files\inc1.bat
2007-11-07 23:04 41 -c--a-w C:\Program Files\sleep.bat
2007-11-07 23:04 1,354,764 -c--a-w C:\Program Files\temp3.exe
2007-11-07 23:04 1,354,665 -c--a-w C:\Program Files\temp2.exe
2007-11-07 23:03 88,544 -c--a-w C:\Documents and Settings\Admin\Application Data\serial2.zip
2007-11-07 23:03 88,544 -c--a-w C:\Documents and Settings\Admin\Application Data\serial2.dat
2007-11-07 22:09 1,354,655 -c--a-w C:\Program Files\Win.All The Witcher crack.exe
2007-10-14 18:36 1 -c--a-w C:\Documents and Settings\Admin\SI.bin
2007-10-01 21:07 382,786 -csha-r C:\Documents and Settings\Admin\Application Data\wunauclt.zip
2007-09-05 10:06 598,528 -csha-w C:\Documents and Settings\Admin\Application Data\7z.dll
2007-09-05 10:01 147,456 -csha-r C:\Documents and Settings\Admin\Application Data\7z.exe
2007-05-27 07:44 152,576 -c--a-w C:\Documents and Settings\Admin\Application Data\7-zip.dll
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
.

------- Sigcheck -------

2005-07-26 15:01 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\system32\user32.dll

2005-12-14 13:12 662528 e41e8fdf62cf20f2e2b16d800d96eb51 C:\WINDOWS\system32\wininet.dll

2005-09-18 12:29 359936 0df628756fb71111955be60bac216a70 C:\WINDOWS\system32\drivers\tcpip.sys

2005-10-12 10:33 2017280 50b3a210b6fa8d3089a36a32e7d8b21f C:\WINDOWS\system32\ntkrnlpa.exe

2005-07-26 15:01 2137600 e75f7aa5a33479f29c636fd0890f5762 C:\WINDOWS\system32\ntoskrnl.exe

2005-07-26 15:01 1036288 0bee3b07ace3303ee57698808e1d2de3 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 19:02 40960]
"himem"="c:\windows\himem.exe" [ ]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 03:21 1271032]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-10 22:56 86960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 04:58 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 04:58 69632]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 04:59 217088]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 20:43 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ACU"="C:\Program Files\LDLC\ACU.exe" [2007-03-05 10:18 399076]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088]
"nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16 528384]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 23:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32 455168]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41 196608]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016]
"f0d77614"="C:\WINDOWS\system32\sapfcrcw.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="C:\WINDOWS\system32\run.cmd" [2005-08-23 11:24 341]
"nlsf"="cmd.exe" [2004-08-19 16:09 400896 C:\WINDOWS\system32\cmd.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\Steam\\steamapps\\nebul0n\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Steam\\steamapps\\nebul0n\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Steam\\steam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6881:TCP"= 6881:TCP:torrent
"6882:TCP"= 6882:TCP:6882
"6883:TCP"= 6883:TCP:6883
"6884:TCP"= 6884:TCP:6884
"6885:TCP"= 6885:TCP:6885
"6888:TCP"= 6888:TCP:6888
"6889:TCP"= 6889:TCP:6889
"57269:TCP"= 57269:TCP:Pando P2P TCP Listening Port
"57269:UDP"= 57269:UDP:Pando P2P UDP Listening Port

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-08-28 18:57]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 06:28]
S2 netpker;netpker;C:\Program Files\Internet Explorer\svchost.exe []
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-24 09:53:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-19 19:30:23 C:\WINDOWS\Tasks\Scar tissue.job"
- C:\Documents and Settings\Admin\Mes documents\Ma musique\Red hot Chili Pepper\Californication\Scar tissue.mp3
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 18:07:09
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-15 18:09:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 16:09:57

Pre-Run: 85,477,810,176 octets libres
Post-Run: 86,902,755,328 octets libres

294


Et le deuxième rapport HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:00, on 15/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LDLC\ACU.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\LDLC\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [f0d77614] rundll32.exe "C:\WINDOWS\system32\sapfcrcw.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8521E5C7-BFC8-49C4-B964-702319CD9488}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: LDLC Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: netpker - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
0
Réponse 3 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
ccol.

cependant il reste encore des slaoperies....

fais analyser ceci :

c:\windows\himem.exe

sur ce site :

http://virusscan.jotti.org/de/

post le rapport stp

@+
0
MySt
 
Heuuu là par contre je ne trouve pas cet exe.
J'ai pourtant affiché les fichiers et dossiers cachés...
0
Réponse 4 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut myst,

excuse pour le delay...

on va faire ceci :

Copie le texte ci-dessous :

File::
c:\windows\himem.exe
C:\WINDOWS\system32\sapfcrcw.dll
C:\WINDOWS\system32\drivers\oreans32.sys
C:\Program Files\Internet Explorer\svchost.exe

Folder::
C:\WINDOWS\system32\netrax01
C:\temp\itmp4

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"himem"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f0d77614"=-

Driver::
oreans32
netpker

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
MySt
 
salut et merci.

J'ai fait la procédure que tu m'as dit, cependant au redémarrage le scan n'a pas abouti a un log. Combofix a affiché qu'il n'avait pas accès a un fichier, puis le message a disparu et a laissé un écran bleu vide.

J'ai ensuite fait un scan hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01, on 2008-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LDLC\ACU.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\LDLC\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8521E5C7-BFC8-49C4-B964-702319CD9488}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: LDLC Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
0
Réponse 6 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut,

Télécharge ComboScan sur ton Bureau en bas de cette pae en clickant sur download file

-> http://www.geekstogo.com/forum/files/

Ferme toutes les applications en cours : antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe, dans la fenêtre qui s'affiche, clic sur OK.
Soit patient...
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.

Le rapport peut-être long et en deux morceaux vérifie qu'il soit en entier.

@+
0
MySt
 
Merci encore de m'accorder ton aide.


Main.txt: 
1: 2008-06-15 16:00:52 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15, on 2008-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\winsys2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\LDLC\ACU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Free Download Manager\FUM\fumoei.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Admin\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talti.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\LDLC\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8521E5C7-BFC8-49C4-B964-702319CD9488}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: LDLC  Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8556 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R3 AR5211 (LDLC Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; LDLC, Inc.; LDLC 108P Wireless Network Adapter>
R3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>

S3 catchme - c:\combofix\catchme.sys (file missing)
S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 MSICPL - e:\install4\msicpl.sys (file missing)
S3 NTACCESS - e:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - e:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (LDLC  Configuration Service) - c:\windows\system32\acs.exe
R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Carte réseau 1394
Device ID: V1394\NIC1394\1271C3A11D800
Manufacturer: Microsoft
Name: Carte réseau 1394
PNP Device ID: V1394\NIC1394\1271C3A11D800
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2007-11-24 11:53:01       284 --a----c- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-19 21:30:23       562 --a----c- C:\WINDOWS\Tasks\Scar tissue.job


-- Files created between 2008-05-18 and 2008-06-18 -----------------------------

2008-06-17 21:47:19     53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-06-16 23:07:52   1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-06-16 23:07:52    679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2008-06-16 23:07:52         0 d-------- C:\Program Files\Cheat Engine
2008-06-15 18:00:43     68096 --a------ C:\WINDOWS\zip.exe
2008-06-15 18:00:43     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-15 18:00:43    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-15 18:00:43    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-15 18:00:43    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-15 18:00:43     98816 --a------ C:\WINDOWS\sed.exe
2008-06-15 18:00:43     80412 --a------ C:\WINDOWS\grep.exe
2008-06-15 18:00:43     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-15 15:30:37         0 d-------- C:\Program Files\Trend Micro
2008-06-14 02:09:08         0 d-------- C:\Documents and Settings\Admin\Application Data\GarageGames
2008-06-14 01:20:19         0 d-------- C:\Documents and Settings\Admin\Application Data\Opera
2008-06-14 01:20:02         0 d-------- C:\Program Files\Opera
2008-06-12 17:19:30         0 d-------- C:\Documents and Settings\NetworkService\Mes documents
2008-06-12 17:18:57         0 d-------- C:\Documents and Settings\NetworkService\Application Data\Adobe
2008-06-12 01:16:11         0 d-------- C:\Program Files\Total Video Converter
2008-06-11 21:38:08         0 d-------- C:\Documents and Settings\Admin\Application Data\AVS4YOU
2008-06-11 21:38:06         0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-06-11 21:37:39         0 d-------- C:\Program Files\Fichiers communs\AVSMedia
2008-06-11 21:37:38         0 d-------- C:\Program Files\AVS4YOU
2008-06-11 02:22:11     13824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>
2008-06-11 02:22:05         0 d-------- C:\Program Files\SplitCam
2008-06-11 02:10:31         0 d-------- C:\Program Files\MessengerDiscovery
2008-06-08 15:10:37         0 d-------- C:\Documents and Settings\Admin\Application Data\Viewpoint
2008-05-27 17:42:23         0 d-------- C:\WINDOWS\nvidia icons
2008-05-26 22:14:37         0 d-------- C:\Documents and Settings\All Users\Application Data\media center programs
2008-05-26 00:49:54         0 d-------- C:\Program Files\Funcom
2008-05-26 00:49:19         0 d-------- C:\Documents and Settings\All Users\Application Data\Funcom
2008-05-25 10:22:24         0 d-------- C:\Documents and Settings\Autres\Application Data\Adobe
2008-05-25 03:16:23         0 d-------- C:\Movies
2008-05-25 03:16:21         0 d-------- C:\directx
2008-05-19 22:45:04         0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-05-19 22:31:23         0 d-------- C:\Program Files\TmNationsForever


-- Find3M Report ---------------------------------------------------------------

2008-06-18 15:44:35         0 d-------- C:\Program Files\Steam
2008-06-18 15:44:33        53 --a------ C:\biosinfo
2008-06-11 21:37:39         0 d-------- C:\Program Files\Fichiers communs
2008-06-11 02:22:05         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 14:36:31         0 d-------- C:\Documents and Settings\Admin\Application Data\Free Download Manager
2008-06-08 14:23:33         0 d-------- C:\Documents and Settings\Admin\Application Data\FileZilla
2008-06-08 14:15:11         0 d-------- C:\Program Files\FileZilla Client
2008-06-02 22:56:18         0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-06-01 03:13:05       102 --a------ C:\WINDOWS\Times New Roman
2008-06-01 03:13:05       220 --a------ C:\WINDOWS\Faux
2008-06-01 03:13:05      1681 --a------ C:\WINDOWS\0
2008-05-21 20:16:50         0 d-------- C:\Documents and Settings\Admin\Application Data\teamspeak2
2008-05-21 01:32:53         0 d-------- C:\Program Files\Guitar Pro 5
2008-05-21 01:28:43         0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2008-05-20 20:47:33         0 d-------- C:\Program Files\Java
2008-05-19 21:58:49         0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-05-17 14:43:26         0 d-------- C:\Program Files\Windows Live
2008-05-17 14:42:56         0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-15 20:43:55         0 d-------- C:\Program Files\Microsoft Research
2008-05-10 16:10:06         0 d-------- C:\Program Files\7-Zip
2008-05-03 05:46:00   1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-03 05:46:00   1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-03 05:46:00   1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-03 05:46:00    466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-03 05:46:00   1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-03 05:46:00   1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-03 05:46:00    442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-03 05:46:00    425984 --a------ C:\WINDOWS\system32\keystone.exe
2008-05-01 15:35:57         0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-01 15:33:06         0 d-------- C:\Program Files\Reality Pump
2008-04-27 17:04:09      2074 --a----c- C:\WINDOWS\mozver.dat
2008-04-27 16:43:14         0 d-------- C:\Program Files\VstPlugins
2008-04-27 16:43:13         0 d-------- C:\Program Files\Image-Line
2008-04-27 16:42:55         0 d-------- C:\Program Files\Outsim
2008-04-21 22:08:13       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-21 16:30:42         0 d-------- C:\Program Files\Audiosurf
2008-04-21 15:56:45         0 d-------- C:\Program Files\Fiddler2
2008-03-31 00:24:45    360580 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-03-30 15:05:05    458648 --a----c- C:\WINDOWS\system32\perfh00C.dat
2008-03-30 15:05:05     71488 --a----c- C:\WINDOWS\system32\perfc00C.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 04:58]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 04:58]
"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 04:59]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 20:43]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25]
"ACU"="C:\Program Files\LDLC\ACU.exe" [2007-03-05 10:18]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46]
"nwiz"="nwiz.exe" [2008-05-03 05:46 C:\WINDOWS\system32\nwiz.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 09:16]
"WinampAgent"="C:\Program Files\Winamp\wianmpa.exe" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 23:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 13:41]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34]
"Free Uploader Oe Integration"="C:\Program Files\Free Download Manager\FUM\fumoei.exe" [2007-06-10 19:02]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 03:21]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-10 22:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=%systemroot%\system32\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoStartBanner"=01000000
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-06-18 16:16:24 ------------




Extra.txt: 

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU     E6550  @ 2.33GHz
Percentage of Memory in Use: 19%
Physical Memory (total/avail): 2047.11 MiB / 1641.26 MiB
Pagefile Memory (total/avail): 2661.02 MiB / 2367.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.75 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 216.8 GiB total, 80.55 GiB free. 
D: is Fixed (NTFS) - 81.28 GiB total, 60.45 GiB free. 
E: is CDROM (CDFS)
F: is CDROM (No Media)
H: is CDROM (No Media)
J: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD3200AAKS-00SBA0 - 298.09 GiB - 2 partitions
  \PARTITION0 (bootable) - Système de fichiers installable - 216.8 GiB - C:
  \PARTITION1 - Étendu avec Inter. 13 étendue - 81.28 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) [COLOR=RED]Disabled/COLOR

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
"C:\\Program Files\\Steam\\steamapps\\nebul0n\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nebul0n\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\Steam\\steamapps\\nebul0n\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nebul0n\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Anno 1701\\Anno1701.exe"="C:\\Program Files\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\TmNationsForever\\TmForever.exe"="C:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=NEBU
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\NEBU
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Mozilla Firefox;C:\Program Files\Fichiers communs\Teleca Shared;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=NEBU
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Admin [I](admin)/I
Autres


-- Add/Remove Programs ---------------------------------------------------------

 --> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
adsl TV --> C:\Program Files\adslTV\Uninstal.exe
Age of Chivalry 1.1.1 --> c:\program files\steam\SteamApps\SourceMods\ageofchivalry\uninst.exe
Age of Conan : Hyborian Adventures --> "C:\Program Files\Funcom\Age of Conan\unins000.exe"
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Anno 1701 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2433A63-5F5D-40E5-B529-9123C2B3E734}\setup.exe" -l0x9  -removeonly
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Attansic Giga Ethernet Utility --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 
Attansic L1 Gigabit Ethernet Driver --> rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Audiosurf --> "C:\Program Files\Steam\steam.exe" steam://uninstall/12900
Audiosurf Beta --> "C:\Program Files\Audiosurf\unins000.exe"
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AVS Video Converter 6 --> "C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Black & White® 2 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x40c  -removeonly
Cheat Engine 5.1.1 --> "C:\Program Files\Cheat Engine\unins000.exe"
Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Dark Messiah Might and Magic Multi-Player --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2130
Dark Messiah Might and Magic Single Player --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2100
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/9050
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch --> C:\Program Files\InstallShield Installation Information\{B7B6C0BE-C919-425C-A493-DF9FF11249F5}\setup.exe -runfromtemp -l0x0409
Fiddler2 (remove only) --> "C:\Program Files\Fiddler2\uninst.exe"
FileZilla Client 3.0.10 --> C:\Program Files\FileZilla Client\uninstall.exe
FL Studio 8 --> C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Galerie de photos Windows Live --> MsiExec.exe /X{9D442283-88AD-4F49-8568-18CE6EAA15AF}
Garry's Mod --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4000
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Episode One --> "C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman: Blood Money --> "C:\Program Files\Steam\steam.exe" steam://uninstall/6860
IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
IOSS 2008 Beta 1.0 --> "c:\program files\steam\SteamApps\SourceMods\ios\unins000.exe"
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
JRAID --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x40c  -removeonly
LDLC Client Installation Program --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9  -removeonly
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Medieval II: Total War --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4700
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Application Compatibility Database --> C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Microsoft WorldWide Telescope --> MsiExec.exe /I{F9C80FE8-DB25-4EE5-AE6D-4332FB0E8B83}
Mise à jour pour Windows XP (KB898461) --> 
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.39 --> C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSN Polygamy 8.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952DEE45-7C0B-4CDF-80B3-D14BE6B02678}\Setup.exe" 
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.50 --> MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473}
Peggle Extreme --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Plasma Pong v1.3b --> "C:\Program Files\Plasma Pong\unins000.exe"
PoiZone --> C:\Program Files\Image-Line\PoiZone\uninstall.exe
Portal --> "C:\Program Files\Steam\steam.exe" steam://uninstall/400
Prey --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3970
Project: Snowblind --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7010
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x40c  -removeonly
Sid Meier's Civilization IV --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3900
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\Setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{25BEC3AB-5CD4-481D-9143-215C1BBB189E}
SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c  -removeonly
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
SplitCam --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00718491-55BF-46C6-83EF-4B3B95AC807A}\setup.exe" -l0x9  -removeonly
Sport cérébral Brain challenge --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA9AC5A3-6625-4B3A-B9CB-51294566D0B4}\Setup.exe" -l0x40c  -removeonly
STALKER: Shadow of Chernobyl --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4500
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Witcher --> "C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x040c -removeonly
Titan Quest --> "C:\Program Files\Steam\steam.exe" steam://uninstall/4540
TmNationsForever --> "C:\Program Files\TmNationsForever\unins000.exe"
Toribash 3.24 --> "c:\Games\Toribash-3.24\unins000.exe"
Total Video Converter 3.12 080330 --> "C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard --> C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
TrackMania United Forever --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7200
ValveTestApp8810 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/8810
Vampire: The Masquerade - Bloodlines --> "C:\Program Files\Steam\steam.exe" steam://uninstall/2600
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Toolbar --> "C:\Program Files\Winamp Toolbar\uninstall.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
XnView 1.92 --> "C:\Program Files\XnView\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8524 / Success
Event Submitted/Written: 06/18/2008 03:44:49 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8512 / Success
Event Submitted/Written: 06/18/2008 00:36:24 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8505 / Success
Event Submitted/Written: 06/17/2008 10:25:54 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8487 / Success
Event Submitted/Written: 06/17/2008 05:27:11 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8467 / Success
Event Submitted/Written: 06/16/2008 10:46:36 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11492 / Error
Event Submitted/Written: 06/17/2008 05:26:06 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service netpker n'a pas pu démarrer en raison de l'erreur : 
%%2

Event Record #/Type11473 / Error
Event Submitted/Written: 06/16/2008 10:45:15 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service netpker n'a pas pu démarrer en raison de l'erreur : 
%%2

Event Record #/Type11468 / Error
Event Submitted/Written: 06/16/2008 08:55:53 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
Le maître explorateur a reçu une annonce de serveur de l'ordinateur MACMINI
qui pense qu'il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{8521E5C7-BFC8-49C4-B.
Le maître explorateur s'arrête ou une élection est provoquée.

Event Record #/Type11467 / Error
Event Submitted/Written: 06/16/2008 06:48:06 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
Le maître explorateur a reçu une annonce de serveur de l'ordinateur MACMINI
qui pense qu'il est le maître explorateur sur le domaine pour le transport NetBT_Tcpip_{8521E5C7-BFC8-49C4-B.
Le maître explorateur s'arrête ou une élection est provoquée.

Event Record #/Type11466 / Error
Event Submitted/Written: 06/16/2008 03:13:45 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1058" lors de la mise en route du service ImapiService avec les arguments "-Service"
pour démarrer le serveur :
{520CCA63-51A5-11D3-9144-00104BA11C5E}



-- End of Deckard's System Scanner: finished at 2008-06-18 16:16:24 ------------
0
Réponse 7 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
salut,

le script de combofix est bien passé...

passe ceci maintenant :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+
0
Réponse 8 / 12
MySt
 
Voil) le rapport:

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 867

23:58:07 2008-06-18
mbam-log-6-18-2008 (23-58-05).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 185792
Temps écoulé: 29 minute(s), 45 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run\WinSys2 (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\Save\Save.exe (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\SaveUninst.exe (Adware.WhenUSave) -> No action taken.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> No action taken.
C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> No action taken.
C:\Program Files\temp2.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\temp3.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
0
Réponse 9 / 12
MySt
 
up, j'ai effacé la selection comme tu m'as dit, mais après avoir C/c le log. Donc pas de prob pour cette étape.
0
Réponse 10 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut Myst,

tres bien pour malwarebytes : )

passe ceci :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

@+
0
Réponse 11 / 12
MySt
 
j'ai fait le scan clean, antivir m'a alors signalé plusieurs fichiers de vundo que j'ai delete.

Niveau rapport, je trouve pas grand chose a part ça.


Rapport Clean
2008-06-23 a 15:27:16.17

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\thriXXX\" FOUND
"C:\Program Files\Viewpoint\" FOUND
0
Réponse 12 / 12
g!rly Messages postés 18215 Date d'inscription   Statut Contributeur Dernière intervention   406
 
Salut myst :

la suite :

-> Redémarre en mode sans échec :

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

-> Tuto : http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

-> Une fois en mode sans echec, ouvre le dossier que tu auvais crée et click sur clean.cmd et choisis l'option 2.

-> Redémarre normalement et poste le rapport de clean.

puis repasse combofix pour voir et post son rapport : regarde les instructions plus haut pour l´executer comme il faut...

Post donc le rapport de clean ainsi que celui de combofix

@+
0