Cid problem... again and again...

Solved/Closed
titus01 - 13 Jul 2008 at 22:15
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 - 17 Jul 2008 at 22:13
Hello,

When I open IE, advertising windows appear uninvited... how can I get rid of them? Thank you for helping me...

24 replies

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 Jul 2008 at 22:19
Good evening

Download LOP S&D by Eric71 here https://sites.google.com/site/eric71mespages/lop.sd.exe

Double-click it to start the installation.
Then double-click the Lop S&D shortcut on your Desktop.
Select the desired language, then choose Option 2 (Removal)
Wait until the scan finishes.
Post the generated report (also located here: C:\lopR.txt)

(If the Desktop does not reappear, open Task Manager by pressing Ctrl + Alt + Del, then the File tab, New Task, type explorer.exe and confirm)
1
aldo42 Posts 8 Registration date Sunday 13 July 2008 Status Member Last activity 13 July 2008
13 Jul 2008 at 22:18
install Kaspersky Internet Security
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 294
13 Jul 2008 at 22:19
Hi,

---> Disable the antivirus
---> Download Lop S&D to your Desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-click it to start the installation
---> Then double-click the Lop S&D shortcut on your Desktop
---> Select the desired language, then choose option 1 (Search)
---> Wait until the scan finishes
---> Re-enable the antivirus
---> Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New Task, type explorer.exe and confirm)

If you have a problem using Lop S&D, look at the tutorial:
http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431
0
here is the report...

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Administrateur ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 13/07/2008 | 22:29:14,40 ] [ PC : HPMAISON ]
[ MAJ : 09-07-2008 | 21:02 ]

-------------[ Listing des dossiers dans APPLIC~1 ]------------

[25/06/2008|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[16/11/2007|18:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[21/05/2007|22:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[21/06/2008|10:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\axis dvd 4
[30/05/2008|19:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\cerasus.media
[30/04/2007|21:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
[27/10/2003|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[25/02/2008|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Gaijin Ent
[26/03/2008|16:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Gamelab
[04/07/2008|16:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
[02/04/2007|15:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[26/09/2007|17:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[13/11/2007|08:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
[01/07/2008|21:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Icone
[14/05/2008|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[05/12/2007|20:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Image Zone Express
[16/03/2007|20:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
[23/06/2008|17:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ITTNord
[14/05/2008|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jane s Hotel Family Hero
[26/04/2007|18:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
[18/02/2008|18:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[22/03/2008|10:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[23/01/2008|17:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Motive
[13/03/2008|16:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
[19/03/2008|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Oberon
[13/07/2008|21:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org2
[26/06/2008|17:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Otto
[30/06/2008|17:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\PlayFirst
[27/10/2003|22:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[26/04/2007|18:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[27/10/2003|19:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[07/10/2007|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[02/06/2007|09:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\TaoUSign
[16/06/2007|10:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Unreal Streaming
[11/04/2008|15:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Valusoft
[26/02/2008|11:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ViquaSoft
[22/04/2008|13:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\wklnhst.dat
[14/05/2008|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Zylom

[23/02/2008|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/02/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alexandra Ledermann 8
[17/05/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/06/2007|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[27/10/2003|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[08/03/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivoGames
[03/05/2008|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fashion Solitaire 1.2
[19/06/2008|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[13/07/2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
[29/03/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
[13/07/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[27/10/2003|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[04/10/2007|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[13/07/2008|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[17/05/2008|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[13/02/2008|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Legacy Interactive
[21/06/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
[08/02/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/10/2003|22:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[13/03/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[18/02/2008|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[19/03/2008|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon
[23/02/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[26/06/2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto
[30/06/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[05/03/2008|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[27/10/2003|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[06/04/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[06/04/2008|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[01/07/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[25/02/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation
[11/04/2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Valusoft
[13/03/2007|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/05/2007|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[26/01/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[01/07/2008|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[27/02/2008|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[27/10/2003|18:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[27/10/2003|18:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[27/10/2003|20:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/10/2003|22:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[27/10/2003|21:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[27/10/2003|19:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[28/10/2003|23:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[27/11/2007|01:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[27/10/2003|18:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[27/10/2003|18:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[29/08/2007|13:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[13/07/2008 22:00][--ah-----] C:\WINDOWS\tasks\A38B26229188A362.job
[20/08/2003 00:47][-rah-----] C:\WINDOWS\tasks\desktop.ini
[13/07/2008 21:37][--ah-----] C:\WINDOWS\tasks\SA.DAT

A38B26229188A362.job <--> c:\docume~1\admini~1\applic~1\axisdv~1\moveclosestupid.exe

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[26/01/2008|11:43] C:\Program Files\A.S.C
[23/02/2008|16:27] C:\Program Files\Adobe
[06/04/2008|19:35] C:\Program Files\Alwil Software
[19/10/2007|18:27] C:\Program Files\AMV Converter 4.17
[11/03/2007|20:45] C:\Program Files\ArcSoft
[24/06/2008|09:44] C:\Program Files\Atout Clic CE1
[21/06/2008|10:56] C:\Program Files\axis dvd 4
[20/06/2007|18:52] C:\Program Files\Boonty
[20/06/2007|18:52] C:\Program Files\BoontyGames
[11/04/2008|18:43] C:\Program Files\Call of Duty
[12/05/2007|07:21] C:\Program Files\Cdiscount photos
[20/03/2008|16:47] C:\Program Files\Circle Developement
[13/03/2008|18:46] C:\Program Files\Common Files
[27/10/2003|18:18] C:\Program Files\ComPlus Applications
[11/03/2007|20:43] C:\Program Files\Creative
[07/10/2007|23:11] C:\Program Files\DJ Mix Pro
[27/08/2007|14:24] C:\Program Files\EA Games
[27/10/2003|22:36] C:\Program Files\Easy Internet signup
[26/06/2008|16:52] C:\Program Files\EnglishOtto
[06/04/2008|21:59] C:\Program Files\Fichiers communs
[27/10/2003|21:55] C:\Program Files\FrenchOtto
[01/07/2008|21:32] C:\Program Files\Gamenext
[19/06/2008|17:10] C:\Program Files\GamesBar
[26/01/2008|22:34] C:\Program Files\GameSpy Arcade
[27/10/2003|21:56] C:\Program Files\GemMasterFrench
[13/07/2008|21:37] C:\Program Files\Google
[05/06/2008|23:22] C:\Program Files\Hewlett-Packard
[04/10/2007|22:20] C:\Program Files\HP
[27/10/2003|22:28] C:\Program Files\HP Pavilion PC Help
[11/03/2007|20:34] C:\Program Files\I386
[07/07/2008|21:33] C:\Program Files\Icone
[02/06/2008|13:28] C:\Program Files\InstallShield Installation Information
[01/07/2008|21:07] C:\Program Files\Internet Explorer
[24/03/2008|17:50] C:\Program Files\InternetGameBox
[27/10/2003|21:50] C:\Program Files\InterVideo
[13/07/2008|19:54] C:\Program Files\Java
[07/07/2008|21:33] C:\Program Files\LETMIN
[01/04/2008|20:28] C:\Program Files\LimeWire
[16/05/2007|20:54] C:\Program Files\Logitech
[22/05/2007|18:10] C:\Program Files\Macrogaming
[31/05/2008|15:07] C:\Program Files\Maxis
[16/03/2007|19:41] C:\Program Files\Messenger
[05/06/2008|21:05] C:\Program Files\Messenger Plus! Live
[05/11/2007|07:54] C:\Program Files\Micro Application
[07/06/2007|18:52] C:\Program Files\Microsoft AutoRoute
[11/05/2007|09:50] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[07/06/2007|18:59] C:\Program Files\Microsoft Encarta
[27/10/2003|18:26] C:\Program Files\microsoft frontpage
[20/12/2007|21:09] C:\Program Files\Microsoft Games
[07/06/2007|18:51] C:\Program Files\Microsoft Money
[07/06/2007|18:45] C:\Program Files\Microsoft Office
[07/06/2007|18:58] C:\Program Files\Microsoft Picture It! 9
[07/06/2007|18:46] C:\Program Files\Microsoft Works
[07/06/2007|18:36] C:\Program Files\Microsoft Works Suite 2004
[14/03/2007|02:03] C:\Program Files\Movie Maker
[13/10/2007|21:51] C:\Program Files\MSBuild
[29/02/2008|21:36] C:\Program Files\MSN Games
[27/10/2003|18:15] C:\Program Files\MSN Gaming Zone
[16/03/2007|19:40] C:\Program Files\MSXML 4.0
[13/10/2007|21:55] C:\Program Files\MSXML 6.0
[11/03/2007|20:41] C:\Program Files\Multimedia Card Reader
[14/03/2007|02:00] C:\Program Files\NetMeeting
[20/03/2007|00:23] C:\Program Files\OpenOffice.org 2.1
[13/06/2007|21:45] C:\Program Files\Outlook Express
[17/05/2007|13:58] C:\Program Files\QuickTime
[27/10/2003|21:52] C:\Program Files\RecordNow!
[13/10/2007|21:45] C:\Program Files\Reference Assemblies
[05/09/2007|17:08] C:\Program Files\Rockstar Games
[31/01/2008|11:45] C:\Program Files\SAGEM
[27/10/2003|22:36] C:\Program Files\Services en ligne
[06/05/2007|15:36] C:\Program Files\SLD Codec Pack
[27/10/2003|21:52] C:\Program Files\Sonic
[06/04/2008|17:15] C:\Program Files\Spybot - Search & Destroy
[06/04/2008|22:03] C:\Program Files\Symantec
[13/07/2008|20:06] C:\Program Files\UBISOFT
[05/11/2007|08:03] C:\Program Files\Uninstall Information
[05/06/2008|21:00] C:\Program Files\VirtualDJ
[30/01/2008|12:25] C:\Program Files\Wanadoo
[13/03/2007|22:13] C:\Program Files\Wanadoo Messager
[13/07/2008|20:05] C:\Program Files\Windows Live
[26/01/2008|22:38] C:\Program Files\Windows Live Toolbar
[13/10/2007|21:29] C:\Program Files\Windows Media Player
[14/03/2007|02:00] C:\Program Files\Windows NT
[27/10/2003|18:17] C:\Program Files\WindowsUpdate
[27/10/2003|18:26] C:\Program Files\xerox
[05/06/2008|20:58] C:\Program Files\Zylom Games

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[23/02/2008|16:27] C:\Program Files\Fichiers communs\Adobe
[20/06/2007|18:53] C:\Program Files\Fichiers communs\BOONTY Shared
[07/06/2007|18:45] C:\Program Files\Fichiers communs\Designer
[27/10/2003|20:38] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/01/2008|00:44] C:\Program Files\Fichiers communs\HP
[19/03/2007|09:03] C:\Program Files\Fichiers communs\InstallShield
[27/10/2003|19:49] C:\Program Files\Fichiers communs\Java
[16/05/2007|20:57] C:\Program Files\Fichiers communs\logishrd
[16/05/2007|20:58] C:\Program Files\Fichiers communs\Logitech
[08/02/2008|19:24] C:\Program Files\Fichiers communs\Microsoft Shared
[27/10/2003|22:11] C:\Program Files\Fichiers communs\Microsoft Visual J# .NET Setup
[27/10/2003|18:20] C:\Program Files\Fichiers communs\MSSoap
[03/05/2008|14:55] C:\Program Files\Fichiers communs\Oberon Media
[27/10/2003|18:10] C:\Program Files\Fichiers communs\ODBC
[12/03/2007|04:28] C:\Program Files\Fichiers communs\Services
[27/10/2003|21:52] C:\Program Files\Fichiers communs\Sonic
[27/10/2003|18:10] C:\Program Files\Fichiers communs\SpeechEngines
[27/10/2003|21:52] C:\Program Files\Fichiers communs\SureThing Shared
[13/07/2008|21:37] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|21:45] C:\Program Files\Fichiers communs\System
[13/12/2007|20:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller

---------------------------[ Process ]--------------------------

... 61

iexplore.exe ~ [3424]
iexplore.exe ~ [3576]
iexplore.exe ~ [4980]

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Proxy mode.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\Help Ping Bone.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\Holemoregriddash.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\malgqgmh.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\move close stupid.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\ncxqogcn.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\qtfymwjr.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\vrekgqty.exe
C:\Program Files\axisdv~1
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\WINDOWS\Prefetch\PROXY MODE.EXE-16A7DEA1.pf
C:\WINDOWS\Prefetch\HELP PING BONE.EXE-06F35768.pf
C:\WINDOWS\Prefetch\MOVE CLOSE STUPID.EXE-3439A6FA.pf
C:\DOCUME~1\ADMINI~1\Cookies\administrateur@adopt.euroclick[1].txt
C:\WINDOWS\Tasks\A38B26229188A362.job

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Curb error"="C:\\DOCUME~1\\ADMINI~1\\APPLIC~1\\AXISDV~1\\Help Ping Bone.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"stupid creative poll axis"="C:\\Documents and Settings\\All Users\\Application Data\\Memo save stupid creative\\Proxy mode.exe"

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts MODIFIE

-> 8068 ( 70 ## added by CiD )

/!\ 1 Not 127.0.0.1 !!

----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 22:30:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jifdtfia"="c:\\documents and settings\\administrateur\\local settings\\application data\\jifdtfia.exe jifdtfia"

C:\Program Files\InternetGameBox
C:\Program Files\InternetGameBox\InternetGameBox.exe
C:\WINDOWS\System32\nvs2.inf

C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\jifdtfia.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\jifdtfia_nav.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\jifdtfia_navps.dat
C:\WINDOWS\System32\fuvjeyivtn.dat
C:\WINDOWS\System32\fuvjeyivtn_nav.dat
C:\WINDOWS\System32\fuvjeyivtn_navps.dat
C:\WINDOWS\System32\nuecwoh.dat
C:\WINDOWS\System32\nuecwoh_nav.dat
C:\WINDOWS\System32\nuecwoh_navps.dat
C:\WINDOWS\System32\oelkfd.dat
C:\WINDOWS\System32\oelkfd_nav.dat
C:\WINDOWS\System32\oelkfd_navps.dat
C:\WINDOWS\System32\rnrmqmqmql.dat
C:\WINDOWS\System32\rnrmqmqmql_nav.dat
C:\WINDOWS\System32\rnrmqmqmql_navps.dat
C:\WINDOWS\System32\xlckwg.dat
C:\WINDOWS\System32\xlckwg_nav.dat
C:\WINDOWS\System32\xlckwg_navps.dat
C:\WINDOWS\System32\ybuyrsq.dat
C:\WINDOWS\System32\ybuyrsq_nav.dat
C:\WINDOWS\System32\ybuyrsq_navps.dat
! EGDACCESS !

C:\WINDOWS\system32\IkjmTvut.ini2
C:\WINDOWS\system32\IkjmTvut.ini
! VUNDO Possible !



[F:1529][D:59]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:43][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:1004][D:7]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 22:31:38,03 ]----------------------
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 Jul 2008 at 22:47
Switch to option 2

then
Download HijackThis to the Desktop

http://download.hijackthis.eu/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= Paste the report
if there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

See you later
0
Here it is with HijackThis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:16, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrateur\Mes documents\Programmes téléchargés\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ ^% ^% ^ ^%^%^ ^ %^^%%^^ ^ .exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B70643F-4FC3-450C-9D2A-8BACCBEADA0B} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {5341C9FE-EE13-4CDB-BAD4-94F7C784BD5C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgGywWOh.dll (file missing)
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8A077217-AC6B-4ABE-88A5-D3CAB42A8CC4} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Proxy mode.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Curb error] C:\DOCUME~1\ADMINI~1\APPLIC~1\AXISDV~1\Help Ping Bone.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [jifdtfia] c:\documents and settings\administrateur\local settings\application data\jifdtfia.exe jifdtfia
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\AMV Converter 4.17\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://lfgtr.ffsca.org/UMediaPlayer5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: hgGywWOh - hgGywWOh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 Jul 2008 at 23:18
Not everything on your PC is good company

I need the Lop S&D report from option 2

Then

Download to the Desktop: navilog.exe (http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe)
By IL-MAFIOSO

= install it
= double-click Navilog1, which is on the Desktop
= press a key until you reach the options
= choose option 1 ( = type 1 )
do not use the others without advice, there may be legitimate processes

the report is in c: fixnavi.txt

Post that report.

---------------------
Download http://www.malekal.com/download/clean.zip to the Desktop
By Malekal_Morte

Unzip it on the Desktop.
= open the clean folder
= click the gear icon named clean
= choose option 1 and let clean work until the text "appuyer sur une touche pour continuer" ("press a key to continue") appears
= then paste the report you will find in C:

----------------------

Post all the reports, please
0
I don't know what's going on, but my machine is running badly...

Here is the report from option 2


-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Administrateur ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 13/07/2008 | 23:41:24,43 ] [ PC : HPMAISON ]
[ MAJ : 09-07-2008 | 21:02 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative\Proxy mode.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\Help Ping Bone.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\Holemoregriddash.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\malgqgmh.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\move close stupid.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\ncxqogcn.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\qtfymwjr.exe
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1\vrekgqty.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\WINDOWS\Prefetch\PROXY MODE.EXE-16A7DEA1.pf
Supprime! - C:\WINDOWS\Prefetch\HELP PING BONE.EXE-06F35768.pf
Supprime! - C:\WINDOWS\Prefetch\MOVE CLOSE STUPID.EXE-3439A6FA.pf
Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@adopt.euroclick[1].txt
Supprime! - C:\WINDOWS\Tasks\A38B26229188A362.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memo save stupid creative
Supprime! - C:\DOCUME~1\ADMINI~1\APPLIC~1\axisdv~1
Supprime! - C:\Program Files\axisdv~1
Supprime! - C:\Program Files\Circle Developement
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans APPLIC~1 ]------------

[25/06/2008|18:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[16/11/2007|18:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
[21/05/2007|22:59] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[30/05/2008|19:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\cerasus.media
[30/04/2007|21:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Creative
[27/10/2003|18:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[25/02/2008|14:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\Gaijin Ent
[26/03/2008|16:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Gamelab
[04/07/2008|16:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
[02/04/2007|15:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[26/09/2007|17:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
[13/11/2007|08:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
[01/07/2008|21:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Icone
[14/05/2008|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[05/12/2007|20:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Image Zone Express
[16/03/2007|20:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
[23/06/2008|17:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ITTNord
[14/05/2008|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Jane s Hotel Family Hero
[26/04/2007|18:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
[18/02/2008|18:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[22/03/2008|10:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[23/01/2008|17:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\Motive
[13/03/2008|16:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
[19/03/2008|12:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Oberon
[13/07/2008|21:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\OpenOffice.org2
[26/06/2008|17:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Otto
[30/06/2008|17:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\PlayFirst
[27/10/2003|22:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[26/04/2007|18:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
[27/10/2003|19:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[07/10/2007|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[02/06/2007|09:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\TaoUSign
[16/06/2007|10:18] C:\DOCUME~1\ADMINI~1\APPLIC~1\Unreal Streaming
[11/04/2008|15:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Valusoft
[26/02/2008|11:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\ViquaSoft
[22/04/2008|13:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\wklnhst.dat
[14/05/2008|20:47] C:\DOCUME~1\ADMINI~1\APPLIC~1\Zylom

[23/02/2008|16:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[02/02/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Alexandra Ledermann 8
[17/05/2007|13:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[20/06/2007|18:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[27/10/2003|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[08/03/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DivoGames
[03/05/2008|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fashion Solitaire 1.2
[19/06/2008|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[13/07/2008|20:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
[29/03/2008|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Gogii
[13/07/2008|20:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[27/10/2003|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[04/10/2007|22:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[13/07/2008|20:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[17/05/2008|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[13/02/2008|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Legacy Interactive
[08/02/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/10/2003|22:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[13/03/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[18/02/2008|17:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[19/03/2008|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon
[23/02/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[26/06/2008|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Otto
[30/06/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[05/03/2008|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[27/10/2003|18:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[06/04/2008|19:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[06/04/2008|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[01/07/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[25/02/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\The Game Equation
[11/04/2008|15:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Valusoft
[13/03/2007|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/05/2007|17:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[26/01/2008|16:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[01/07/2008|16:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[27/02/2008|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[27/10/2003|18:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[27/10/2003|18:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[27/10/2003|20:42] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[27/10/2003|22:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[27/10/2003|21:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[27/10/2003|19:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[28/10/2003|23:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[27/11/2007|01:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[27/10/2003|18:30] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[27/10/2003|18:30] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[29/08/2007|13:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

[20/08/2003 00:47][-rah-----] C:\WINDOWS\tasks\desktop.ini
[13/07/2008 21:37][--ah-----] C:\WINDOWS\tasks\SA.DAT

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[26/01/2008|11:43] C:\Program Files\A.S.C
[23/02/2008|16:27] C:\Program Files\Adobe
[06/04/2008|19:35] C:\Program Files\Alwil Software
[19/10/2007|18:27] C:\Program Files\AMV Converter 4.17
[11/03/2007|20:45] C:\Program Files\ArcSoft
[24/06/2008|09:44] C:\Program Files\Atout Clic CE1
[20/06/2007|18:52] C:\Program Files\Boonty
[20/06/2007|18:52] C:\Program Files\BoontyGames
[11/04/2008|18:43] C:\Program Files\Call of Duty
[12/05/2007|07:21] C:\Program Files\Cdiscount photos
[13/03/2008|18:46] C:\Program Files\Common Files
[27/10/2003|18:18] C:\Program Files\ComPlus Applications
[11/03/2007|20:43] C:\Program Files\Creative
[07/10/2007|23:11] C:\Program Files\DJ Mix Pro
[27/08/2007|14:24] C:\Program Files\EA Games
[27/10/2003|22:36] C:\Program Files\Easy Internet signup
[26/06/2008|16:52] C:\Program Files\EnglishOtto
[06/04/2008|21:59] C:\Program Files\Fichiers communs
[27/10/2003|21:55] C:\Program Files\FrenchOtto
[01/07/2008|21:32] C:\Program Files\Gamenext
[19/06/2008|17:10] C:\Program Files\GamesBar
[26/01/2008|22:34] C:\Program Files\GameSpy Arcade
[27/10/2003|21:56] C:\Program Files\GemMasterFrench
[13/07/2008|21:37] C:\Program Files\Google
[05/06/2008|23:22] C:\Program Files\Hewlett-Packard
[04/10/2007|22:20] C:\Program Files\HP
[27/10/2003|22:28] C:\Program Files\HP Pavilion PC Help
[11/03/2007|20:34] C:\Program Files\I386
[07/07/2008|21:33] C:\Program Files\Icone
[02/06/2008|13:28] C:\Program Files\InstallShield Installation Information
[01/07/2008|21:07] C:\Program Files\Internet Explorer
[24/03/2008|17:50] C:\Program Files\InternetGameBox
[27/10/2003|21:50] C:\Program Files\InterVideo
[13/07/2008|19:54] C:\Program Files\Java
[07/07/2008|21:33] C:\Program Files\LETMIN
[01/04/2008|20:28] C:\Program Files\LimeWire
[16/05/2007|20:54] C:\Program Files\Logitech
[22/05/2007|18:10] C:\Program Files\Macrogaming
[31/05/2008|15:07] C:\Program Files\Maxis
[16/03/2007|19:41] C:\Program Files\Messenger
[05/06/2008|21:05] C:\Program Files\Messenger Plus! Live
[05/11/2007|07:54] C:\Program Files\Micro Application
[07/06/2007|18:52] C:\Program Files\Microsoft AutoRoute
[11/05/2007|09:50] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[07/06/2007|18:59] C:\Program Files\Microsoft Encarta
[27/10/2003|18:26] C:\Program Files\microsoft frontpage
[20/12/2007|21:09] C:\Program Files\Microsoft Games
[07/06/2007|18:51] C:\Program Files\Microsoft Money
[07/06/2007|18:45] C:\Program Files\Microsoft Office
[07/06/2007|18:58] C:\Program Files\Microsoft Picture It! 9
[07/06/2007|18:46] C:\Program Files\Microsoft Works
[07/06/2007|18:36] C:\Program Files\Microsoft Works Suite 2004
[14/03/2007|02:03] C:\Program Files\Movie Maker
[13/10/2007|21:51] C:\Program Files\MSBuild
[29/02/2008|21:36] C:\Program Files\MSN Games
[27/10/2003|18:15] C:\Program Files\MSN Gaming Zone
[16/03/2007|19:40] C:\Program Files\MSXML 4.0
[13/10/2007|21:55] C:\Program Files\MSXML 6.0
[11/03/2007|20:41] C:\Program Files\Multimedia Card Reader
[14/03/2007|02:00] C:\Program Files\NetMeeting
[20/03/2007|00:23] C:\Program Files\OpenOffice.org 2.1
[13/06/2007|21:45] C:\Program Files\Outlook Express
[17/05/2007|13:58] C:\Program Files\QuickTime
[27/10/2003|21:52] C:\Program Files\RecordNow!
[13/10/2007|21:45] C:\Program Files\Reference Assemblies
[05/09/2007|17:08] C:\Program Files\Rockstar Games
[31/01/2008|11:45] C:\Program Files\SAGEM
[27/10/2003|22:36] C:\Program Files\Services en ligne
[06/05/2007|15:36] C:\Program Files\SLD Codec Pack
[27/10/2003|21:52] C:\Program Files\Sonic
[06/04/2008|17:15] C:\Program Files\Spybot - Search & Destroy
[06/04/2008|22:03] C:\Program Files\Symantec
[13/07/2008|20:06] C:\Program Files\UBISOFT
[05/11/2007|08:03] C:\Program Files\Uninstall Information
[05/06/2008|21:00] C:\Program Files\VirtualDJ
[30/01/2008|12:25] C:\Program Files\Wanadoo
[13/03/2007|22:13] C:\Program Files\Wanadoo Messager
[13/07/2008|20:05] C:\Program Files\Windows Live
[26/01/2008|22:38] C:\Program Files\Windows Live Toolbar
[13/10/2007|21:29] C:\Program Files\Windows Media Player
[14/03/2007|02:00] C:\Program Files\Windows NT
[27/10/2003|18:17] C:\Program Files\WindowsUpdate
[27/10/2003|18:26] C:\Program Files\xerox
[05/06/2008|20:58] C:\Program Files\Zylom Games

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

[23/02/2008|16:27] C:\Program Files\Fichiers communs\Adobe
[20/06/2007|18:53] C:\Program Files\Fichiers communs\BOONTY Shared
[07/06/2007|18:45] C:\Program Files\Fichiers communs\Designer
[27/10/2003|20:38] C:\Program Files\Fichiers communs\Hewlett-Packard
[05/01/2008|00:44] C:\Program Files\Fichiers communs\HP
[19/03/2007|09:03] C:\Program Files\Fichiers communs\InstallShield
[27/10/2003|19:49] C:\Program Files\Fichiers communs\Java
[16/05/2007|20:57] C:\Program Files\Fichiers communs\logishrd
[16/05/2007|20:58] C:\Program Files\Fichiers communs\Logitech
[08/02/2008|19:24] C:\Program Files\Fichiers communs\Microsoft Shared
[27/10/2003|22:11] C:\Program Files\Fichiers communs\Microsoft Visual J# .NET Setup
[27/10/2003|18:20] C:\Program Files\Fichiers communs\MSSoap
[03/05/2008|14:55] C:\Program Files\Fichiers communs\Oberon Media
[27/10/2003|18:10] C:\Program Files\Fichiers communs\ODBC
[12/03/2007|04:28] C:\Program Files\Fichiers communs\Services
[27/10/2003|21:52] C:\Program Files\Fichiers communs\Sonic
[27/10/2003|18:10] C:\Program Files\Fichiers communs\SpeechEngines
[27/10/2003|21:52] C:\Program Files\Fichiers communs\SureThing Shared
[13/07/2008|21:37] C:\Program Files\Fichiers communs\Symantec Shared
[13/06/2007|21:45] C:\Program Files\Fichiers communs\System
[13/12/2007|20:54] C:\Program Files\Fichiers communs\WindowsLiveInstaller

---------------------------[ Process ]--------------------------

... 60

... OK !

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\DOCUME~1\ADMINI~1\Cookies\administrateur@32vegas[1].txt
C:\DOCUME~1\ADMINI~1\Cookies\administrateur@banner.32vegas[2].txt

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-13 23:43:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|DEFAULT

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jifdtfia"="c:\\documents and settings\\administrateur\\local settings\\application data\\jifdtfia.exe jifdtfia"

C:\Program Files\InternetGameBox
C:\Program Files\InternetGameBox\InternetGameBox.exe
C:\WINDOWS\System32\nvs2.inf

C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\jifdtfia.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\jifdtfia_nav.dat
C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\jifdtfia_navps.dat
C:\WINDOWS\System32\fuvjeyivtn.dat
C:\WINDOWS\System32\fuvjeyivtn_nav.dat
C:\WINDOWS\System32\fuvjeyivtn_navps.dat
C:\WINDOWS\System32\nuecwoh.dat
C:\WINDOWS\System32\nuecwoh_nav.dat
C:\WINDOWS\System32\nuecwoh_navps.dat
C:\WINDOWS\System32\oelkfd.dat
C:\WINDOWS\System32\oelkfd_nav.dat
C:\WINDOWS\System32\oelkfd_navps.dat
C:\WINDOWS\System32\rnrmqmqmql.dat
C:\WINDOWS\System32\rnrmqmqmql_nav.dat
C:\WINDOWS\System32\rnrmqmqmql_navps.dat
C:\WINDOWS\System32\xlckwg.dat
C:\WINDOWS\System32\xlckwg_nav.dat
C:\WINDOWS\System32\xlckwg_navps.dat
C:\WINDOWS\System32\ybuyrsq.dat
C:\WINDOWS\System32\ybuyrsq_nav.dat
C:\WINDOWS\System32\ybuyrsq_navps.dat
! EGDACCESS !

C:\WINDOWS\system32\IkjmTvut.ini2
C:\WINDOWS\system32\IkjmTvut.ini
! VUNDO Possible !



[F:1536][D:59]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\ADMINI~1\Cookies
[F:1697][D:7]-> C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5

--------------------[ Fin du rapport a 23:44:30,10 ]----------------------

Navilog report

Search Navipromo version 3.6.0 commencé le 13/07/2008 à 23:50:28,21

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Administrateur"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

C:\Program Files\InternetGameBox trouvé !

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

Fichiers suspects :

dsorrqd.exe trouvé !



*** Recherche fichiers ***


C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

fuvjeyivtn.dat trouvé !
fuvjeyivtn_nav.dat trouvé !
fuvjeyivtn_navps.dat trouvé !
nuecwoh.dat trouvé !
nuecwoh_nav.dat trouvé !
nuecwoh_navps.dat trouvé !
oelkfd.dat trouvé !
oelkfd_nav.dat trouvé !
oelkfd_navps.dat trouvé !
rnrmqmqmql.dat trouvé !
rnrmqmqmql_nav.dat trouvé !
rnrmqmqmql_navps.dat trouvé !
xlckwg.dat trouvé !
xlckwg_nav.dat trouvé !
xlckwg_navps.dat trouvé !
ybuyrsq.dat trouvé !
ybuyrsq_nav.dat trouvé !
ybuyrsq_navps.dat trouvé !

* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :

jifdtfia.dat trouvé !
jifdtfia_nav.dat trouvé !
jifdtfia_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\IkjmTvut.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 13/07/2008 à 23:56:56,29 ***

The clean executable doesn't work...
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 00:06
I also need the clean report

For Navilog, run it again and choose option 2

and post the report

0
Here is the Navilog report from option 2

Clean Navipromo version 3.6.0 commencé le 14/07/2008 à 0:08:44,96

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Administrateur"

Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage executé en mode normal sans redémarrage
!! Les résultats ne seront pas optimisés !!


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***

C:\Program Files\InternetGamebox ...suppression...
C:\Program Files\InternetGamebox supprimé !


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Administrateur\menudm~1\progra~1" ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *

fuvjeyivtn.dat trouvé !
Copie fuvjeyivtn.dat réalisée avec succès !
fuvjeyivtn.dat supprimé !

nuecwoh.dat trouvé !
Copie nuecwoh.dat réalisée avec succès !
nuecwoh.dat supprimé !

oelkfd.dat trouvé !
Copie oelkfd.dat réalisée avec succès !
oelkfd.dat supprimé !

rnrmqmqmql.dat trouvé !
Copie rnrmqmqmql.dat réalisée avec succès !
rnrmqmqmql.dat supprimé !

xlckwg.dat trouvé !
Copie xlckwg.dat réalisée avec succès !
xlckwg.dat supprimé !

ybuyrsq.dat trouvé !
Copie ybuyrsq.dat réalisée avec succès !
ybuyrsq.dat supprimé !

fuvjeyivtn_nav.dat trouvé !
Copie fuvjeyivtn_nav.dat réalisée avec succès !
fuvjeyivtn_nav.dat supprimé !

nuecwoh_nav.dat trouvé !
Copie nuecwoh_nav.dat réalisée avec succès !
nuecwoh_nav.dat supprimé !

oelkfd_nav.dat trouvé !
Copie oelkfd_nav.dat réalisée avec succès !
oelkfd_nav.dat supprimé !

rnrmqmqmql_nav.dat trouvé !
Copie rnrmqmqmql_nav.dat réalisée avec succès !
rnrmqmqmql_nav.dat supprimé !

xlckwg_nav.dat trouvé !
Copie xlckwg_nav.dat réalisée avec succès !
xlckwg_nav.dat supprimé !

ybuyrsq_nav.dat trouvé !
Copie ybuyrsq_nav.dat réalisée avec succès !
ybuyrsq_nav.dat supprimé !

fuvjeyivtn_navps.dat trouvé !
Copie fuvjeyivtn_navps.dat réalisée avec succès !
fuvjeyivtn_navps.dat supprimé !

nuecwoh_navps.dat trouvé !
Copie nuecwoh_navps.dat réalisée avec succès !
nuecwoh_navps.dat supprimé !

oelkfd_navps.dat trouvé !
Copie oelkfd_navps.dat réalisée avec succès !
oelkfd_navps.dat supprimé !

rnrmqmqmql_navps.dat trouvé !
Copie rnrmqmqmql_navps.dat réalisée avec succès !
rnrmqmqmql_navps.dat supprimé !

xlckwg_navps.dat trouvé !
Copie xlckwg_navps.dat réalisée avec succès !
xlckwg_navps.dat supprimé !

ybuyrsq_navps.dat trouvé !
Copie ybuyrsq_navps.dat réalisée avec succès !
ybuyrsq_navps.dat supprimé !


* Dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" *

jifdtfia.dat trouvé !
Copie jifdtfia.dat réalisée avec succès !
jifdtfia.dat supprimé !

jifdtfia_nav.dat trouvé !
Copie jifdtfia_nav.dat réalisée avec succès !
jifdtfia_nav.dat supprimé !

jifdtfia_navps.dat trouvé !
Copie jifdtfia_navps.dat réalisée avec succès !
jifdtfia_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Fichiers suspects non supprimés par Navilog1 ***
!! Fichiers légitimes possibles, à contrôler avant suppression !!

Fichiers suspects dans "C:\Documents and Settings\Administrateur\locals~1\applic~1" :

dsorrqd.exe trouvé !

*** Nettoyage terminé le 14/07/2008 à 0:20:42,35 ***

I'm trying again with clean...
0
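For clean, I get the error "des fichiers sont manquants,avez vous bien décompressés toute l'archive ? - le script ne peut continuer a s'executer..." ("files are missing, did you extract the whole archive? - the script cannot continue running...")

Now what???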
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 00:34
Delete it and start over

0
I deleted it, stopped the antivirus, downloaded it again, and it still doesn't work...
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 01:09
OK, forget about clean

Download DSS (formerly Comboscan) by Deckard to your Desktop:

(choose Save, then Desktop as the location)

http://deckard.geekstogo.com/dss.exe

Close all running applications.

Double-click comboscan.exe to launch the tool.

A window opens asking you to close all applications; click OK.

At the end of the scan, a window opens; click OK.

The Comboscan.txt report will be displayed; copy it into your next reply.
If an additional report was created, post it in your reply as well.
0
Hello,
After a night's break, back to the problem...

two reports with DSS...

Deckard's System Scanner v20071014.68
Run by Administrateur on 2008-07-14 09:15:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
137: 2008-07-14 07:15:28 UTC - RP601 - Deckard's System Scanner Restore Point
136: 2008-07-13 18:06:43 UTC - RP600 - Supprimé THE SETTLERS - L'Héritage des Rois
135: 2008-07-13 18:06:00 UTC - RP599 - Supprimé Norton Security Scan
134: 2008-07-13 18:05:10 UTC - RP598 - Supprimé Windows Live Writer
133: 2008-07-13 18:03:56 UTC - RP597 - Supprimé Windows Live Messenger


-- First Restore Point --
1: 2008-05-08 06:41:36 UTC - RP465 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrateur.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:17:45, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrateur\Bureau\dss.exe
C:\DOCUME~1\ADMINI~1\MESDOC~1\PROGRA~1\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ ^% ^% ^ ^%^%^ ^ %^^%%^^ ^ .exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B70643F-4FC3-450C-9D2A-8BACCBEADA0B} - (no file)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {5341C9FE-EE13-4CDB-BAD4-94F7C784BD5C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hgGywWOh.dll (file missing)
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8A077217-AC6B-4ABE-88A5-D3CAB42A8CC4} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [stupid creative poll axis] C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Proxy mode.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Curb error] C:\DOCUME~1\ADMINI~1\APPLIC~1\AXISDV~1\Help Ping Bone.exe
O4 - HKCU\..\Run: [jifdtfia] c:\documents and settings\administrateur\local settings\application data\jifdtfia.exe jifdtfia
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\AMV Converter 4.17\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://lfgtr.ffsca.org/UMediaPlayer5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: hgGywWOh - hgGywWOh.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 10:21
Hello, quite a crowd in there

Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Double-click ToolBar-SD to start the installation; a shortcut will be added to the Desktop.
* Double-click it to start the tool; choose the language.
* On Vista, right-click and choose "Run as administrator" (privilege elevation), then -> Continue.
* Type 1, then press [Enter] to start the search.
* Wait until the search finishes.
* At the end of the scan, the report will open in Notepad.
* Post this report, by copy/paste, in your next reply.
* The report is also located at: C:\TB.txt

** Help in pictures
https://sites.google.com/site/toolbarsd/aideenimages


then

Download Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

=> /!\ disconnect from the internet and close all your applications. /!\

=> /!\ disable your protections (antivirus, firewall, antispyware) temporarily and only while ComboFix is in use. /!\

=> Double-click combofix,

=> /!\ Don't touch anything until the scan is finished. Careful: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer. /!\

=> Wait until combofix has finished; a report will be created.

=> re-enable your firewall, your antivirus, and your antispyware's guard

=> copy/paste the report C:\ComboFix.txt

=> Re-enable the real-time protection of your antivirus and your antispyware before reconnecting to the internet.


PS: away for the rest of the day, back this evening
0
Here's the one for toolbar to start with...

-----------\\ ToolBar S&D 1.0.4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Administrateur ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 14/07/2008 | 10:50:24,07 ] [ PC : HPMAISON ]
[ MAJ : 11-07-2008 | 18:40 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-02-20-46-49
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-02-20-46-49.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-07-17-24-27
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-07-17-24-27.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-02
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-02.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-25
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-25.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-59
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-59.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-58-47
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-58-47.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-59-18
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-59-18.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-00-27
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-00-27.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-02-40
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-02-40.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-21-19-07-36
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-21-19-07-36.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-26-10-09-15
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-26-10-09-15.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-18-15-20-50
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-18-15-20-50.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-06-18-47-43
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-06-18-47-43.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-09-18-03-57
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-09-18-03-57.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-12-19-38-34
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-12-19-38-34.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\AliceGreenfingers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Azada16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Cake_mania_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\eye_for_design16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\family_restaurant16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\heart_of_egypt16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\hells_kitchen16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\penguins_journey16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pet_shop_hop16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\ranch_rush16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtualvillagers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\vogue_tales16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\west16x16.gif
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-English.ini
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMPOR~1\content.IE5\NTQWNXX1\7C63DA59D3C5263788489AF211AA47[1].jpg

-----------\\ [HKCU\..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


-----------\\ Fin du rapport a 10:50:46,82
Next message: the combofix report...

OK, have a good day...
See you later
0
and the combofix report

ComboFix 08-07-13.9 - Administrateur 2008-07-14 10:57:33.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.171 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\S6VUX2BV\iforex.com
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\#SharedObjects\S6VUX2BV\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Administrateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Administrateur\real.txt
C:\Program Files\GamesBar\oberontb.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\glxufnek.dll
C:\WINDOWS\system32\IkjmTvut.ini
C:\WINDOWS\system32\IkjmTvut.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjkveoqx.dll
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\real.txt
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.

2008-07-14 10:48 . 2008-07-14 10:50 <REP> d-------- C:\Toolbar SD
2008-07-14 09:15 . 2008-07-14 09:15 <REP> d-------- C:\Deckard
2008-07-13 23:49 . 2008-07-14 00:20 <REP> d-------- C:\Program Files\Navilog1
2008-07-13 22:18 . 2008-07-13 23:44 <REP> d-------- C:\Lop SD
2008-07-07 21:33 . 2008-07-07 21:33 <REP> d-------- C:\Program Files\LETMIN
2008-07-07 21:33 . 2008-07-07 21:33 <REP> d-------- C:\Program Files\Icone
2008-07-02 09:49 . 2008-07-13 20:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-02 09:49 . 2008-07-02 09:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-01 21:07 . 2008-07-01 21:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Icone
2008-06-29 20:28 . 2008-06-29 20:40 <REP> d-------- C:\Documents and Settings\Administrateur\meo
2008-06-29 20:27 . 2008-06-29 20:27 <REP> d-------- C:\Documents and Settings\Administrateur\.jnlp-applet
2008-06-26 16:55 . 2008-06-26 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Otto
2008-06-26 16:55 . 2008-06-26 17:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Otto
2008-06-26 16:52 . 2008-06-26 16:52 <REP> d-------- C:\Program Files\EnglishOtto
2008-06-23 17:37 . 2008-06-23 17:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ITTNord
2008-06-20 19:41 . 2008-06-20 19:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-17 10:05 . 2008-06-17 10:05 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-06-14 17:50 . 2008-06-14 17:50 <REP> d-------- C:\PetsFunHouse

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 09:09 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-07-14 08:57 --------- d-----w C:\Program Files\GamesBar
2008-07-14 07:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-07-13 19:37 --------- d-----w C:\Program Files\Google
2008-07-13 19:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-13 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-07-13 18:06 --------- d-----w C:\Program Files\UBISOFT
2008-07-13 18:05 --------- d-----w C:\Program Files\Windows Live
2008-07-13 17:54 --------- d-----w C:\Program Files\Java
2008-07-01 19:32 --------- d-----w C:\Program Files\Gamenext
2008-07-01 17:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-30 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-30 15:35 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PlayFirst
2008-06-24 07:44 --------- d-----w C:\Program Files\Atout Clic CE1
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 21:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-05 19:05 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-05 19:00 --------- d-----w C:\Program Files\VirtualDJ
2008-06-05 18:58 --------- d-----w C:\Program Files\Zylom Games
2008-06-02 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 13:07 --------- d-----w C:\Program Files\Maxis
2008-05-30 17:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\cerasus.media
2008-05-17 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-05-14 18:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Zylom
2008-05-14 18:47 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Jane s Hotel Family Hero
2008-04-22 11:17 160 ----a-w C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-10-30 21:12 67128]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 204800]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe" [2003-10-27 22:27 155648]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-20 01:09 50176]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-09-22 17:29 118784]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:56 483328]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11 139264]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 13:58 155648]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 10:22 517768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-05-28 20:59 28672 C:\WINDOWS\system32\cthelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 02:00 57344]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 17:16 49152 C:\WINDOWS\mididef.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ ^% ^% ^ ^%^%^ ^ %^^%%^^ ^ .exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 hcw88ts;Hauppauge WinTV 88x TS Capture;C:\WINDOWS\system32\drivers\hcw88ts.sys [2004-10-13 18:30]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2004-09-28 01:10]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\WINDOWS\system32\Drivers\hcw88rc5.sys [2004-06-24 16:02]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2004-09-28 01:09]
R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2003-12-10 19:01]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe []
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-20 18:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
- - - - ORPHANS REMOVED - - - -

BHO-{0B70643F-4FC3-450C-9D2A-8BACCBEADA0B} - (no file)
BHO-{5341C9FE-EE13-4CDB-BAD4-94F7C784BD5C} - (no file)
BHO-{549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
BHO-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
BHO-{8A077217-AC6B-4ABE-88A5-D3CAB42A8CC4} - (no file)
Toolbar-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
HKCU-Run-WOOKIT - C:\PROGRA~1\Wanadoo\Shell.exe
HKCU-Run-BackupNotify - c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-Curb error - C:\DOCUME~1\ADMINI~1\APPLIC~1\AXISDV~1\Help Ping Bone.exe
HKCU-Run-jifdtfia - c:\documents and settings\administrateur\local settings\application data\jifdtfia.exe
HKCU-Run-RecordNow! - (no file)
HKLM-Run-HPHUPD05 - c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HKLM-Run-stupid creative poll axis - C:\Documents and Settings\All Users\Application Data\Memo save stupid creative\Proxy mode.exe
HKU-Default-Run-msnmsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Notify-hgGywWOh - hgGywWOh.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 11:10:51
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\eHome\ehsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 11:21:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 09:20:43

Pre-Run: 93,674,065,920 octets libres
Post-Run: 93,588,398,080 octets libres

222 --- E O F --- 2008-07-13 17:26:57
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 18:21
Hi again ;)

Select this:

registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"=-


File::
C:\WINDOWS\system32\drivers\lvuvc.hs
C:\Program Files\GamesBar
C:\Documents and Settings\All Users\Application Data\GamesBar



* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked in the Format menu.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file, like this:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

Note: The code above was written specifically for THIS user.
If you are not THIS user, do NOT apply these instructions: they could damage your system.

See you
0
Hello,
the ComboFix report:
ComboFix 08-07-13.9 - Administrateur 2008-07-15 6:50:13.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.189 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Documents and Settings\All Users\Application Data\GamesBar
C:\Program Files\GamesBar
C:\WINDOWS\system32\drivers\lvuvc.hs
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))))))
.

2008-07-14 10:48 . 2008-07-14 10:50 <REP> d-------- C:\Toolbar SD
2008-07-14 09:15 . 2008-07-14 09:15 <REP> d-------- C:\Deckard
2008-07-13 23:49 . 2008-07-14 00:20 <REP> d-------- C:\Program Files\Navilog1
2008-07-13 22:18 . 2008-07-13 23:44 <REP> d-------- C:\Lop SD
2008-07-07 21:33 . 2008-07-07 21:33 <REP> d-------- C:\Program Files\LETMIN
2008-07-07 21:33 . 2008-07-07 21:33 <REP> d-------- C:\Program Files\Icone
2008-07-02 09:49 . 2008-07-13 20:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-02 09:49 . 2008-07-02 09:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-01 21:07 . 2008-07-01 21:07 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Icone
2008-06-29 20:28 . 2008-06-29 20:40 <REP> d-------- C:\Documents and Settings\Administrateur\meo
2008-06-29 20:27 . 2008-06-29 20:27 <REP> d-------- C:\Documents and Settings\Administrateur\.jnlp-applet
2008-06-26 16:55 . 2008-06-26 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Otto
2008-06-26 16:55 . 2008-06-26 17:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Otto
2008-06-26 16:52 . 2008-06-26 16:52 <REP> d-------- C:\Program Files\EnglishOtto
2008-06-23 17:37 . 2008-06-23 17:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ITTNord
2008-06-20 19:41 . 2008-06-20 19:41 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-17 10:05 . 2008-06-17 10:05 <REP> d-------- C:\WINDOWS\system32\LogFiles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 08:57 --------- d-----w C:\Program Files\GamesBar
2008-07-14 07:14 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
2008-07-13 19:37 --------- d-----w C:\Program Files\Google
2008-07-13 19:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-13 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-07-13 18:06 --------- d-----w C:\Program Files\UBISOFT
2008-07-13 18:05 --------- d-----w C:\Program Files\Windows Live
2008-07-13 17:54 --------- d-----w C:\Program Files\Java
2008-07-01 19:32 --------- d-----w C:\Program Files\Gamenext
2008-07-01 17:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-01 14:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-30 15:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-06-30 15:35 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PlayFirst
2008-06-24 07:44 --------- d-----w C:\Program Files\Atout Clic CE1
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 21:22 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-05 19:05 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-05 19:00 --------- d-----w C:\Program Files\VirtualDJ
2008-06-05 18:58 --------- d-----w C:\Program Files\Zylom Games
2008-06-02 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 13:07 --------- d-----w C:\Program Files\Maxis
2008-05-30 17:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\cerasus.media
2008-05-17 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-04-22 11:17 160 ----a-w C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-14_11.20.21.79 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-15 05:02:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-10-30 21:12 67128]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 12:00 204800]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe" [2003-10-27 22:27 155648]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"NVIEW"="nview.dll" [2003-08-19 03:56 852038 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-20 01:09 50176]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-09-22 17:29 118784]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 08:23 90112]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 03:56 483328]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 03:56 4841472]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 21:11 139264]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32 225280]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 10:26 489472]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-17 13:58 155648]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 10:22 517768]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"DWQueuedReporting"="c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]
"nwiz"="nwiz.exe" [2003-08-19 03:56 323584 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-05-28 20:59 28672 C:\WINDOWS\system32\cthelper.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CMSRegOW.exe"="C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 02:00 57344]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-03 17:16 49152 C:\WINDOWS\mididef.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGywWOh]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 hcw88ts;Hauppauge WinTV 88x TS Capture;C:\WINDOWS\system32\drivers\hcw88ts.sys [2004-10-13 18:30]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys [2004-09-28 01:10]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;C:\WINDOWS\system32\Drivers\hcw88rc5.sys [2004-06-24 16:02]
R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys [2004-09-28 01:09]
R3 hcwPVRP2;Hauppauge WinTV-PVR PCI II (Encoder-16);C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2003-12-10 19:01]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 15:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe []
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-06-20 18:53]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 10:42]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 10:42]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 10:42]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
- - - - ORPHANS REMOVED - - - -

BHO-{0B70643F-4FC3-450C-9D2A-8BACCBEADA0B} - (no file)
BHO-{5341C9FE-EE13-4CDB-BAD4-94F7C784BD5C} - (no file)
BHO-{549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
BHO-{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
BHO-{8A077217-AC6B-4ABE-88A5-D3CAB42A8CC4} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 07:02:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\eHome\ehsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-15 7:14:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 05:13:05
ComboFix2.txt 2008-07-14 09:21:52

Pre-Run: 93,540,790,272 octets libres
Post-Run: 93,534,826,496 octets libres

198 --- E O F --- 2008-07-13 17:26:57

At work all day, back this evening around 19:00...
See you
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
15 Jul 2008 at 12:05
Hello

How is your PC behaving? Are you still having problems?

Please run another scan with DSS.
See you
0
Good evening,

To answer your question: no more ad pages opening, and it is perhaps a little faster.

I am attaching the DSS report.


Deckard's System Scanner v20071014.68
Run by Administrateur on 2008-07-15 21:38:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]Percentage of Memory in Use: 77% (more than 75%).[/color]


-- HijackThis (run as Administrateur.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:42, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\dss.exe
C:\DOCUME~1\ADMINI~1\MESDOC~1\PROGRA~1\ADMINI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\AMV Converter 4.17\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://lfgtr.ffsca.org/UMediaPlayer5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: hgGywWOh - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
15 Jul 2008 at 21:46
OK, there are still some left.

Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Double-click ToolBar-SD to start the installation; a shortcut will be added to the Desktop.
* Double-click the shortcut to start the tool; choose the language.
* On Vista, right-click and choose "Run as administrator" (privilege elevation), then -> Continue.
* Type 1, then press the [Enter] key to start the search.
* Wait until the search has finished.
* At the end of the scan, the report will open in Notepad.
* Post this report, by copy/paste, in your next reply.
* The report can also be found at: C:\TB.txt

** Help with pictures
https://sites.google.com/site/toolbarsd/aideenimages

Then

Download to the Desktop http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double-click SmitfraudFix.zip
=> Extract all
=> Double-click SmitfraudFix
=> Double-click SmitfraudFix.cmd
=> Choose Option 1
=> Post the report
See you later
0
and this one...

SmitFraudFix v2.329

Rapport fait à 21:57:25,95, 15/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2615149D-E1C0-4A9C-B578-F77DC1199F25}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D1648A61-1366-48A0-B607-A10C7A929FD3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F0404EB8-B7A6-4A9A-83F5-D407F467FE77}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2615149D-E1C0-4A9C-B578-F77DC1199F25}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D1648A61-1366-48A0-B607-A10C7A929FD3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F0404EB8-B7A6-4A9A-83F5-D407F467FE77}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2615149D-E1C0-4A9C-B578-F77DC1199F25}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D1648A61-1366-48A0-B607-A10C7A929FD3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F0404EB8-B7A6-4A9A-83F5-D407F467FE77}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
here it is...

-----------\\ ToolBar S&D 1.0.4 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Administrateur ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 15/07/2008 | 21:52:42,26 ] [ PC : HPMAISON ]
[ MAJ : 11-07-2008 | 18:40 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-02-20-46-49
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-02-20-46-49.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-07-17-24-27
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-07-17-24-27.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-02
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-02.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-25
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-25.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-59
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-55-59.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-58-47
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-58-47.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-59-18
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-14-59-18.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-00-27
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-00-27.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-02-40
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-03-25-15-02-40.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-21-19-07-36
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-21-19-07-36.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-26-10-09-15
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-04-26-10-09-15.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-18-15-20-50
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-05-18-15-20-50.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-06-18-47-43
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-06-18-47-43.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-09-18-03-57
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-06-09-18-03-57.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-12-19-38-34
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\08-07-12-19-38-34.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\AliceGreenfingers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Azada16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\Cake_mania_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\eye_for_design16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\family_restaurant16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\heart_of_egypt16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\hells_kitchen16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\penguins_journey16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pet_shop_hop16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\ranch_rush16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search_goog.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\virtualvillagers16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\vogue_tales16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\west16x16.gif
C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-English.ini
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe

-----------\\ [HKCU\..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


-----------\\ Fin du rapport a 21:53:06,06
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
15 Jul 2008 at 22:06
OK, very good, now run it again with option 2

See you later
0
Here is the report; no registry cleaning, I didn't know what to do...
See you later

SmitFraudFix v2.329

Rapport fait à 22:32:31,32, 15/07/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2615149D-E1C0-4A9C-B578-F77DC1199F25}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D1648A61-1366-48A0-B607-A10C7A929FD3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F0404EB8-B7A6-4A9A-83F5-D407F467FE77}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2615149D-E1C0-4A9C-B578-F77DC1199F25}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D1648A61-1366-48A0-B607-A10C7A929FD3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F0404EB8-B7A6-4A9A-83F5-D407F467FE77}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2615149D-E1C0-4A9C-B578-F77DC1199F25}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D1648A61-1366-48A0-B607-A10C7A929FD3}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F0404EB8-B7A6-4A9A-83F5-D407F467FE77}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage du registre non souhaité.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
with which program?
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
15 Jul 2008 at 22:49
You need to run ToolBar S&D with option 2

then do another HijackThis report, please
0
and the DSS report...

Deckard's System Scanner v20071014.68
Run by Administrateur on 2008-07-15 23:02:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrateur.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:39, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrateur\Bureau\dss.exe
C:\DOCUME~1\ADMINI~1\MESDOC~1\PROGRA~1\ADMINI~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPEWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\AMV Converter 4.17\AMVConverter\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} (UMediaPlayer Class) - http://lfgtr.ffsca.org/UMediaPlayer5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: hgGywWOh - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0