Virus alert

Jack -  
Jack2023 Messages postés 129 Statut Membre -
Salut j'ai virus alert dans ma barre de tache et j'ai des message me dissant que il a des
spywares ou des erreurs dans mon systeme mais cela vien des virus pas de mon antivirus

aidé moi s.v.p
Configuration: Windows XP
Firefox 3.0

15 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge HijackThis V 2.02 (HijackThis Installer) :
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    - Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    - Clique sur Install ensuite sur I Accept

    - Clique sur Do a scan system and save log file

    - Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
    0
  2. Jack
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31: VIRUS ALERT!, on 2008-07-16
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\USS\USS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/i_idt_1748.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: qndsfmao - {A3BEDCF8-21BC-47FC-B55D-FA7ABDE658B5} - C:\WINDOWS\qndsfmao.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O21 - SSODL: kvxqmtre - {E24F5DCA-60C4-41C8-ABCA-789ACC7FD7E6} - C:\WINDOWS\kvxqmtre.dll (file missing)
    O21 - SSODL: evgratsm - {A69C3BC9-7614-4395-B733-C3305532EADE} - C:\WINDOWS\evgratsm.dll (file missing)
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38b) (pr2am38b) - 1C Multimedia - C:\WINDOWS\system32\pr2am38b.exe
    O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38c) (pr2am38c) - 1C Multimedia - C:\WINDOWS\system32\pr2am38c.exe
    O23 - Service: T-34 (DVD) Drivers Auto Removal (pr2anvub) (pr2anvub) - IDDK - C:\WINDOWS\system32\pr2anvub.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  3. Jack
     
    et je tien a précisé que mes mises à jour windows ne marche plus
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

    - Enregistre-le sur le bureau

    - Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

    - Un rapport sera généré, poste-le dans ta prochaine réponse.

    [*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

    ** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Jack
     
    merci de m'aider et ce ou ces virus on suprimer une parti des mes icone de bureau et mon menu démarer est marquer virus alert et dans le menu il ny presque plus rien depuis j'ai attraper les virus il se peux j'aille plusieurs virus spybot en a détecter plusieurs

    voila le rapport

    SmitFraudFix v2.329

    Rapport fait à 20:34:42,95, 2008-07-16
    Executé à partir de C:\Documents and Settings\Hugues\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\USS\USS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hugues

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hugues\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Hugues\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.0.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{FF69558C-241D-468A-8347-2717CA9D9C25}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{FF69558C-241D-468A-8347-2717CA9D9C25}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{FF69558C-241D-468A-8347-2717CA9D9C25}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{FF69558C-241D-468A-8347-2717CA9D9C25}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Redémarre ton ordinateur en mode sans échec :
    https://blog.sosordi.net/

    - Double-clique sur SmitfraudFix.exe, choisis l'option 2 et Entrée

    - Réponds O(oui) à ces deux questions si elles te sont posées

    Voulez-vous nettoyer le registre ?
    Corriger le fichier infecté ?

    - Un rapport sera généré, sauvegarde-le sur le bureau

    - Redémarre en mode normal

    - Upload le rapport SmitfraudFix et un nouveau rapport HijackThis
    0
  8. Jack
     
    quand j'ai eu fini de redémarer j'ai encore eu des spyware détected des icone a droite en bas de l'écran qui apparaisse environ 8 mais je crois ces des virus qui envoie sa aidé moi pour sa

    http://www.megaupload.com/fr/?d=48SQFH8N
    le rapport smitfraudfix

    et le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:57:21, on 2008-07-16
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\USS\USS.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/i_idt_1748.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: qndsfmao - {A3BEDCF8-21BC-47FC-B55D-FA7ABDE658B5} - C:\WINDOWS\qndsfmao.dll (file missing)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [USS] "C:\Program Files\USS\USS.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O21 - SSODL: kvxqmtre - {E24F5DCA-60C4-41C8-ABCA-789ACC7FD7E6} - C:\WINDOWS\kvxqmtre.dll (file missing)
    O21 - SSODL: evgratsm - {A69C3BC9-7614-4395-B733-C3305532EADE} - C:\WINDOWS\evgratsm.dll (file missing)
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38b) (pr2am38b) - 1C Multimedia - C:\WINDOWS\system32\pr2am38b.exe
    O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38c) (pr2am38c) - 1C Multimedia - C:\WINDOWS\system32\pr2am38c.exe
    O23 - Service: T-34 (DVD) Drivers Auto Removal (pr2anvub) (pr2anvub) - IDDK - C:\WINDOWS\system32\pr2anvub.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  9. Jack
     
    mes mises à jour windows ne marche toujours pas
    0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
  11. Jack
     
    je l'ai voila mais pour l'instant je trouve mon ordinateur quand meme lent a comparer a d'habitude

    Malwarebytes' Anti-Malware 1.20
    Version de la base de données: 960
    Windows 5.1.2600 Service Pack 3

    23:04:32 2008-07-16
    mbam-log-7-16-2008 (23-04-32).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 134114
    Temps écoulé: 1 hour(s), 36 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 2
    Clé(s) du Registre infectée(s): 24
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 36

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\tuvUkLDw.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\WINDOWS\system32\opnlLcyW.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99652f21-702c-4a38-88b5-19f067b51eed} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{99652f21-702c-4a38-88b5-19f067b51eed} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{d8d7a115-9a18-4574-b537-cf13ab6645db} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8d7a115-9a18-4574-b537-cf13ab6645db} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnllcyw (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\wasfsd.creationnotifier (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\wasfsd.creationnotifier.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{abcd4567-76b5-4bc7-aac5-396d70925b22} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{abcd4567-4d73-43e9-85e5-53a2dbd95422} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{abcd4567-d8e8-4df1-a3ea-d0aa72f42622} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{abcd4567-7437-43ef-ab74-4ab1d3a37422} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e3a3ca02-28d9-4e36-adb0-8444df131b6e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3a3ca02-28d9-4e36-adb0-8444df131b6e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{47dc420a-cd6f-47c5-8dc7-ad6dc7c9c048} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.bqad (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{826f15bf-1a4c-4290-bfd1-794af7a2cb8f}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{d1957ff4-ea22-4b4a-81a1-c62068479ded}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{ec572088-91c7-4293-93f9-93d40b0e0b36}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wasfsd (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{d8d7a115-9a18-4574-b537-cf13ab6645db} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c5e84927-cff0-4ca3-a068-02e7c01c1e7c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\evgratsm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\kvxqmtre (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvukldw -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvukldw -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\tuvUkLDw.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\wDLkUvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wDLkUvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\elusqpwp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pwpqsule.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnlLcyW.dll (Trojan.Vundo) -> Delete on reboot.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\kernel.dll (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{7C7A96F1-A235-4D3D-A880-13D9E00E4E15}\RP32\A0011836.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\ewkb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGxXNEt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\isekgcpx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkHYoPh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnnmllL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qczhkq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\seyehjid.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\txigmh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\wasfsd.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcp71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcr71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\GSCRPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\agpqlrfm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\kgxmotapdkx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    0
    1. Jack
       
      avec spybot je vien de redétecter virtumonde
      0
  12. Jack
     
    je vien de redétecter virtumonde avec spybot
    0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

    ---> Double-clique sur Combofix.exe
    Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
    Accepte en cliquant sur "Oui"

    ---> Mets-le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

    /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

    Note : Le rapport se trouve également là : C:\ComboFix.txt
    0
    1. Jack2023 Messages postés 129 Statut Membre 2
       
      tout a l'air a marché bien il marche èa la vitesse normal

      ComboFix 08-07-15.4 - Hugues 2008-07-17 1:00:24.2 - NTFSx86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1533 [GMT -4:00]
      Endroit: C:\Documents and Settings\Hugues\Bureau\ComboFix.exe
      * Création d'un nouveau point de restauration

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\hakrrfow.ini
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\opnlLcyW.dll
      C:\WINDOWS\system32\tuvUkLDw.dll
      C:\WINDOWS\system32\wDLkUvut.ini
      C:\WINDOWS\system32\wDLkUvut.ini2

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-17 to 2008-07-17 ))))))))))))))))))))))))))))))))))))
      .

      2008-07-16 21:21 . 2008-07-16 21:21 <REP> d-------- C:\Documents and Settings\Hugues\Application Data\Malwarebytes
      2008-07-16 21:21 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-07-16 21:20 . 2008-07-16 21:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-07-16 21:20 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-07-16 20:35 . 2008-07-16 20:50 1,154 --a------ C:\WINDOWS\system32\tmp.reg
      2008-07-16 20:34 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-07-16 20:31 . 2008-07-16 20:31 <REP> d-------- C:\Program Files\Trend Micro
      2008-07-16 19:56 . 2008-07-16 19:57 184 --a------ C:\WINDOWS\wininit.ini
      2008-07-16 19:08 . 2008-07-16 19:08 0 --a------ C:\END
      2008-07-16 15:17 . 2008-07-16 16:10 <REP> d-------- C:\Documents and Settings\Hugues\Application Data\Hamachi
      2008-07-16 15:17 . 2008-07-16 15:17 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
      2008-07-11 01:05 . 2008-07-11 01:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
      2008-07-11 00:12 . 2008-07-11 16:04 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
      2008-07-10 20:26 . 2008-07-10 20:26 <REP> d-------- C:\Program Files\Eidos Interactive
      2008-07-10 15:57 . 2008-07-10 16:05 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
      2008-07-10 15:57 . 2008-07-10 16:05 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
      2008-07-10 02:07 . 2008-07-10 10:15 <REP> d-------- C:\Program Files\MessengerDiscovery
      2008-07-10 02:07 . 2004-03-09 00:00 609,824 --a------ C:\WINDOWS\system32\COMCTL32.ocx
      2008-07-10 02:07 . 2004-03-09 00:00 212,240 --a------ C:\WINDOWS\system32\richtx32.OCX
      2008-07-10 02:07 . 2004-03-08 22:00 152,848 --a------ C:\WINDOWS\system32\comdlg32.OCX
      2008-07-10 02:07 . 2004-03-09 00:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.ocx
      2008-07-07 21:08 . 1998-10-02 19:00 327,168 --a------ C:\WINDOWS\IsUninst.exe
      2008-07-07 01:39 . 1998-10-07 12:08 327,168 --a------ C:\WINDOWS\IsUn040c.exe
      2008-07-06 17:35 . 2008-07-11 00:45 <REP> d-------- C:\Program Files\Eidos
      2008-07-06 00:55 . 2008-07-10 15:57 <REP> d-------- C:\Program Files\Windows Media Connect 2
      2008-07-04 06:20 . 2008-07-04 06:20 268 --ah----- C:\sqmdata19.sqm
      2008-07-04 06:20 . 2008-07-04 06:20 244 --ah----- C:\sqmnoopt19.sqm
      2008-07-03 20:05 . 2008-07-03 20:05 268 --ah----- C:\sqmdata18.sqm
      2008-07-03 20:05 . 2008-07-03 20:05 244 --ah----- C:\sqmnoopt18.sqm
      2008-07-03 11:49 . 2008-07-03 12:07 <REP> d-------- C:\Documents and Settings\Hugues\Application Data\Winamp
      2008-07-02 19:09 . 2008-07-05 17:37 <REP> d-------- C:\Program Files\Winamp
      2008-07-02 15:17 . 2008-07-02 15:17 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
      2008-07-02 15:17 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
      2008-07-02 10:28 . 2008-07-02 10:28 <REP> d-------- C:\WINDOWS\ERUNT
      2008-07-02 10:26 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-07-02 10:26 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-07-02 10:26 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-07-02 10:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-07-02 10:26 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-07-02 10:26 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-07-02 10:26 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-07-02 10:26 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-07-02 08:44 . 2008-07-02 08:44 <REP> d-------- C:\Program Files\CONEXANT
      2008-07-02 08:44 . 2001-08-17 21:57 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
      2008-07-02 08:44 . 2001-08-17 21:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
      2008-07-02 08:39 . 2008-07-02 08:40 <REP> d-------- C:\WINDOWS\system32\URTTemp
      2008-06-30 16:34 . 2008-06-30 16:34 <REP> d-------- C:\Program Files\Kaspersky Lab
      2008-06-30 16:34 . 2008-07-17 00:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
      2008-06-30 16:34 . 2008-07-17 01:07 13,787,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
      2008-06-30 16:34 . 2008-07-17 01:07 465,440 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
      2008-06-30 16:34 . 2008-07-17 01:07 165,860 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
      2008-06-30 16:34 . 2008-06-30 16:41 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
      2008-06-30 16:34 . 2008-06-30 16:41 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
      2008-06-30 16:34 . 2008-07-17 01:07 28,580 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
      2008-06-30 16:30 . 2008-07-02 14:41 886 ---hs---- C:\WINDOWS\system32\hjrmlgll.ini
      2008-06-30 16:23 . 2008-06-30 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
      2008-06-25 02:08 . 2008-06-25 02:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-25 00:54 . 2008-06-25 01:26 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-06-24 23:36 . 2008-06-24 23:36 <REP> d-------- C:\Program Files\Lavasoft
      2008-06-24 23:36 . 2008-06-25 00:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-06-24 16:24 . 2008-06-24 16:24 0 --a------ C:\WINDOWS\nsreg.dat
      2008-06-24 01:29 . 2008-06-24 01:29 65 --a------ C:\WINDOWS\FISHUI.INI
      2008-06-23 23:18 . 2008-02-01 08:40 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
      2008-06-23 23:13 . 2008-06-23 23:13 <REP> d-------- C:\Program Files\Lame MP3 Codec
      2008-06-23 23:13 . 2008-06-23 23:13 <REP> d-------- C:\Documents and Settings\Hugues\Application Data\DataCast
      2008-06-23 23:12 . 2008-06-23 23:12 <REP> d-------- C:\Program Files\Samsung
      2008-06-23 23:12 . 2008-06-23 23:12 <REP> d-------- C:\Program Files\MarkAny
      2008-06-23 23:12 . 2002-10-05 08:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
      2008-06-20 13:47 . 2008-06-20 13:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
      2008-06-20 13:47 . 2008-06-20 13:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
      2008-06-20 07:51 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
      2008-06-20 07:40 . 2008-06-20 07:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
      2008-06-20 07:08 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
      2008-06-19 19:56 . 2008-07-08 01:06 <REP> d-------- C:\Program Files\CamStudio
      2008-06-17 22:13 . 2008-06-17 22:13 <REP> d--hs---- C:\WINDOWS\ftpcache

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-07-17 04:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-07-17 03:22 --------- d-----w C:\Program Files\Steam
      2008-07-16 17:20 --------- d-----w C:\Documents and Settings\Hugues\Application Data\BitTorrent
      2008-07-16 14:52 --------- d-----w C:\Documents and Settings\Maxime\Application Data\LimeWire
      2008-07-16 05:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-07-16 04:32 --------- d-----w C:\Program Files\eMule
      2008-07-16 03:45 --------- d-----w C:\Documents and Settings\Maxime\Application Data\uTorrent
      2008-07-16 03:45 --------- d-----w C:\Documents and Settings\Maxime\Application Data\BitTorrent
      2008-07-14 01:26 --------- d-----w C:\Documents and Settings\Hugues\Application Data\teamspeak2
      2008-07-11 02:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
      2008-07-10 19:00 137,840 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-07-10 19:00 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2008-07-10 18:50 --------- d-----w C:\Documents and Settings\battlefield\Application Data\teamspeak2
      2008-07-10 00:07 --------- d-----w C:\Documents and Settings\Hugues\Application Data\LimeWire
      2008-07-09 10:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
      2008-07-08 00:22 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
      2008-07-02 19:17 --------- d-----w C:\Program Files\TuneUp Utilities 2008
      2008-07-02 12:37 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-06-30 20:41 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
      2008-06-25 04:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-06-25 03:25 --------- d-----w C:\Documents and Settings\Hugues\Application Data\Lavasoft
      2008-06-24 03:13 65,024 ----a-w C:\WINDOWS\IFinst26.exe
      2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
      2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
      2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
      2008-06-14 20:38 --------- d-----w C:\Documents and Settings\battlefield\Application Data\DAEMON Tools
      2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
      2008-06-05 21:05 --------- d-----w C:\Program Files\Xilisoft
      2008-06-05 02:27 --------- d-----w C:\Program Files\DVD Shrink
      2008-05-19 16:55 --------- d-----w C:\Program Files\PAS-Products
      2008-05-17 14:43 --------- d-----w C:\Documents and Settings\Hugues\Application Data\CyberLink
      2008-05-17 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
      2008-05-17 14:42 --------- d-----w C:\Program Files\Fichiers communs\CyberLink
      2008-05-17 14:42 --------- d-----w C:\Program Files\CyberLink
      2008-05-17 14:41 29,480 ----a-w C:\WINDOWS\system32\msxml3a.dll
      2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
      2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
      2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
      2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
      2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
      2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
      2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
      2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-04-20 03:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 22:33 15360]
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 11:52 1368064]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
      "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
      "nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 16:51 192512]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.ac3filter"= ac3filter.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\DNA\\btdna.exe"=
      "C:\\Program Files\\BitTorrent\\bittorrent.exe"=
      "C:\\Program Files\\Ubisoft\\Faces of War\\facesofwar.exe"=
      "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
      "C:\\Program Files\\uTorrent\\uTorrent.exe"=
      "C:\\Program Files\\Steam\\steamapps\\jack20730\\counter-strike source\\hl2.exe"=
      "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
      "C:\\Program Files\\IDDK\\T34vsTiger\\T34.exe"=
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
      "C:\\Program Files\\Steam\\steamapps\\jack20730\\day of defeat source\\hl2.exe"=
      "C:\\Documents and Settings\\Hugues\\Bureau\\Silent Hunter 4\\sh4.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\WINDOWS\\system32\\muzapp.exe"=
      "C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\French\\setup.exe"=
      "C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "58510:TCP"= 58510:TCP:Pando P2P TCP Listening Port
      "58510:UDP"= 58510:UDP:Pando P2P UDP Listening Port

      R0 pe3am38b;Outfront 2.5 Environment Driver (pe3am38b);C:\WINDOWS\system32\drivers\pe3am38b.sys [2007-11-26 03:31]
      R0 pe3am38c;Outfront 2.5 Environment Driver (pe3am38c);C:\WINDOWS\system32\drivers\pe3am38c.sys [2007-11-23 14:47]
      R0 pe3anvub;T-34 (DVD) Environment Driver (pe3anvub);C:\WINDOWS\system32\drivers\pe3anvub.sys [2007-10-25 05:02]
      R0 ps7am38b;Outfront 2.5 Synchronization Driver (ps7am38b);C:\WINDOWS\system32\drivers\ps7am38b.sys [2007-11-26 03:30]
      R0 ps7am38c;Outfront 2.5 Synchronization Driver (ps7am38c);C:\WINDOWS\system32\drivers\ps7am38c.sys [2007-11-23 14:46]
      R0 ps7anvub;T-34 (DVD) Synchronization Driver (ps7anvub);C:\WINDOWS\system32\drivers\ps7anvub.sys [2007-10-25 05:00]
      R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-01 17:24]
      R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-13 22:34]
      R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
      S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
      S2 pr2am38b;Outfront 2.5 Drivers Auto Removal (pr2am38b);C:\WINDOWS\system32\pr2am38b.exe svc []
      S2 pr2am38c;Outfront 2.5 Drivers Auto Removal (pr2am38c);C:\WINDOWS\system32\pr2am38c.exe svc []
      S2 pr2anvub;T-34 (DVD) Drivers Auto Removal (pr2anvub);C:\WINDOWS\system32\pr2anvub.exe svc []
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-02 15:17]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      "2008-07-17 05:09:09 C:\WINDOWS\Tasks\1-Click Maintenance.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
      .
      - - - - ORPHANS REMOVED - - - -

      Toolbar-{A3BEDCF8-21BC-47FC-B55D-FA7ABDE658B5} - (no file)


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-07-17 01:09:32
      Windows 5.1.2600 Service Pack 3 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...


      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
      "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-07-17 1:15:03 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-07-17 05:13:58

      Pre-Run: 110,344,843,264 octets libres
      Post-Run: 110,449,856,512 octets libres

      238 --- E O F --- 2008-07-11 15:24:12
      0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Poste un nouveau rapport HijackThis.
    0
  15. Jack2023 Messages postés 129 Statut Membre 2
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:34:07, on 2008-07-17
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/i_idt_1748.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38b) (pr2am38b) - 1C Multimedia - C:\WINDOWS\system32\pr2am38b.exe
    O23 - Service: Outfront 2.5 Drivers Auto Removal (pr2am38c) (pr2am38c) - 1C Multimedia - C:\WINDOWS\system32\pr2am38c.exe
    O23 - Service: T-34 (DVD) Drivers Auto Removal (pr2anvub) (pr2anvub) - IDDK - C:\WINDOWS\system32\pr2anvub.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0