Sujet Précédent Sujet Suivant

Comment desinstaller Antivirus XP 2008 ?

Résolu/Fermé
Camille30 Messages postés 7 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 8 septembre 2008 - 4 août 2008 à 21:18
Camille30 Messages postés 7 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 8 septembre 2008 - 7 août 2008 à 21:56
Bonjour, j'ai un leger problème. Depuis quelques jours, je pense que mon ordinateur est infecté. Tout d'abord, il y avait un message d'avast comme quoi j'était infecté qui ne voulais pas s'enlever, je pouvais cliquer sur n'importe quel bouton (mettre en quarantaine, supprimer...) il revenait toujours 2 sec apres. J'ai donc enlevé Avast, je voulais telecharger Antivir mais je ne sais pas ou ? je n'ai donc plus d'antivirus. ensuite, mon fond d'écran s'enlevait à chaque fois que je rallumais mon ordinateur et le fond d'écran qui se mettait à la place était un message d'erreur en jaune en anglais comme quoi mon ordinateur était infecté sur fond bleu. J'ai réussi à regler ce problème en telechargeant superantispyware et en le faisant tourner en mode sans echec. Mais deux problème persistent : je n'arrive pas à desinstaller antivirus XP 2008, et j'ai vu dans un forum que c'était un virus déguisé ? Car il y a un message d'érreur style "antivirus has found 2700 viruses on your computer..." . Le deuxieme problème persistant est que lorsque l'ordinateur reste en veille longtemps, il s'affiche un ecran bleu d'erreur, puis ensuite le logo windows comme lorsque l'ordinateur s'allume, seulement lorqu'on appuie sur l'importe quelle touche l'ordinateur se remet exactement tel qu'il était avant le message d'erreur, avec les application ouverte etc.
Enfin bref je pense que mon ordinateur est bien malade ! Mais heureusement il n'y a pas eu de perte de donnée et j'aimerai savoir si un virus apparement sans grand danger ne peut, au bout de quelque jours, infecter de plus en plus le pc ? Merci pour les réponses et les aide pour soigner mon pauvre pc!!
A voir également:

9 réponses

Réponse 1 / 9
IronVI Messages postés 72 Date d'inscription lundi 28 juillet 2008 Statut Membre Dernière intervention 7 août 2008 7
4 août 2008 à 21:20
salut !

Télécharger sur le bureau
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
=Double clic sur SmitfraudFix.zip
= Extraire tout
=Double clic sur SmitfraudFix
= Double Clic sur SmitfraudFix.cmd
=Choisir Option 1
= Sauver le rapport
---------
Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
---
Relancer Smitfraudfix
=Choisir Option 2
= Sauver le rapport
= Copier/coller les rapports dans la réponse
---------------------


++++++++++

Télécharger sur le bureau

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

=Double-clic dessus
= Clic Do a system scan and save the log
= copier le rapport, le coller dans la réponse
0
Réponse 2 / 9
Camille30 Messages postés 7 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 8 septembre 2008
4 août 2008 à 21:25
Merci de ta réponse aussi rapide !
Je le fais et je te tiens au courant.
Merci encore!
0
Réponse 3 / 9
Camille30 Messages postés 7 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 8 septembre 2008
4 août 2008 à 22:12
Voilà qui est fait !!
Alors le premier rapport :
SmitFraudFix v2.333

Rapport fait à 21:29:54,64, 04/08/2008
Executé à partir de C:\Documents and Settings\camille\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\rhct84j0e785\rhct84j0e785.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\WINDOWS\system32\pphcp84j0e785.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\camille


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\camille\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\camille\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS191 1000/100/10 Ethernet Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 195.5.219.1

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 86.64.145.143
DNS Server Search Order: 84.103.237.143

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer=86.64.145.143 84.103.237.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer=86.64.145.143 84.103.237.143


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Le deuxieme en mode sans echec :

SmitFraudFix v2.333

Rapport fait à 21:46:30,76, 04/08/2008
Executé à partir de C:\Documents and Settings\camille\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9E7099F1-7AA9-42F9-A4AA-14BFD42B4FB9}: DhcpNameServer=195.5.219.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

et enfin le troisieme avec hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:07:10, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Documents and Settings\camille\Local Settings\Temporary Internet Files\Content.IE5\H9N6NU1Z\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {23CC34FB-8CB2-0BB4-88B5-C5CD509AC1A4} - C:\DOCUME~1\RIC~1\APPLIC~1\LESSMO~1\DebugThe.exe (file missing)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [Jugs Cake Default Once] C:\Documents and Settings\All Users\Application Data\amok test jugs cake\regsbags.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [wajpmywsi] c:\windows\system32\wajpmywsi.exe wajpmywsi
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [advap32] "C:\DOCUME~1\rico\LOCALS~1\Temp\loader.exe" /r
O4 - HKLM\..\Run: [SMrhct84j0e785] C:\Program Files\rhct84j0e785\rhct84j0e785.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\procia.exe /run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer = 86.64.145.144 84.103.237.144
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Web Scanner avast!Browser (avast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Mail Scanner avast!wscsvc (avast!wscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de transfert intelligent en arrière-plan BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Bluetooth Service btwdinslanmanserver (btwdinslanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Gestionnaire de l'Album ClipSrvSysmonLog (ClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Service for CDROM Access CreativeRDSessMgr (CreativeRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Lanceur de processus serveur DCOM DcomLaunchNtmsSvc (DcomLaunchNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service d'administration du Gestionnaire de disque logique dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de disque logique dmservernavapsvcCryptSvc (dmservernavapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Journal des événements EventlogSwPrvSamSs (EventlogSwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Système d'événements de COM+ EventSystemClipSrvSysmonLog (EventSystemClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur lanmanserverdmadminEventlog (lanmanserverdmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Assistance TCP/IP NetBIOS LmHostswuauserv (LmHostswuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog (MessengerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog MessengerEventlogSSDPSRV (MessengerEventlogSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvc Antivirus (mnmsrvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService (mnmsrvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService mnmsrvcImapiServiceProtectedStorage (mnmsrvcImapiServiceProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Installer MSIServerWudfSvcWebClient (MSIServerWudfSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect navapsvcCryptSvc (navapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC PolicyAgentSAVScan (PolicyAgentSAVScan) - Unknown owner - C:\WINDOWS\
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: PsShutdown PsShutdownSvcSpooler (PsShutdownSvcSpooler) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SAVScan SAVScanPsShutdownSvc (SAVScanPsShutdownSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan SAVScanPsShutdownSvc SAVScanPsShutdownSvcSSDPSRV (SAVScanPsShutdownSvcSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScriptBlocking Service SBServiceRasAuto (SBServiceRasAuto) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service SBServiceSSDPSRVavast!Browser (SBServiceSSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: Notification d'événement système SENSSamSs (SENSSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessTrkWks (SharedAccessTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de restauration système srserviceTrkWksWebClientxmlprov (srserviceTrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de découvertes SSDP SSDPSRVavast!Browser (SSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: MS Software Shadow Copy Provider SwPrvSamSs (SwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksTapiSrv (TrkWksTapiSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksWebClientxmlprov (TrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WebClient WebClient Antivirus (WebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClientxmlprov (WebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNccPwdSvc (WmdmPmSNccPwdSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state WmiApSrvaspnet_stateRpcLocator (WmiApSrvaspnet_stateRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvc Antivirus (WMPNetworkSvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcWebClient (WudfSvcWebClient) - Unknown owner - C:\WINDOWS\
0
Réponse 4 / 9
IronVI Messages postés 72 Date d'inscription lundi 28 juillet 2008 Statut Membre Dernière intervention 7 août 2008 7
6 août 2008 à 16:18
Il y'a des infections toujours présente .

Télécharger sur le bureau https://www.besttechie.com/resources/malwarebytes/ Malwarebyte's Anti-Malware

=> double-clic sur mbam-setup pour lancer l'installation
=> Installer simplement sans rien modifier
=> Quand le programme lancé ==> onglet Mise à jour cliquer sur => Recherche de mise à jour
Onglet Recherche=> cocher Exécuter un examen complet
=> Clic Rechercher
=> Eventuellement décocher les disque à ne pas analyser
=> Clic Lancer l'examen
=> En fin de scan , si infection trouvée
==> Clic Afficher résultat
=> Fermer vos applications en cours
=> Vérifier si tout est coché et clic Supprimer la sélection
=> un rapport s'ouvre le copier et le coller dans la réponse

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Télécharger et enregistrer sur le bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe Combofix

=Double-clic sur Combofix
= Presser 1 si demandé
= Attendre la fermeture de l’outil ( 5 -10 mn ou plus si infection importante)
=Copier/coller le rapport dans la réponse
Un rapport dans C:\Combofix.txt à mettre dans la réponse
Réactiver l'antivirus
============
supprimer ensuite
combofix
QooBox qui est à C:\

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
Camille30 Messages postés 7 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 8 septembre 2008
7 août 2008 à 12:01
Alors
Voici le premier rapport par Malwarebyte's :

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1030
Windows 5.1.2600 Service Pack 2

11:18:41 07/08/2008
mbam-log-8-7-2008 (11-18-41).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 159883
Temps écoulé: 10 hour(s), 50 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 76
Fichier(s) infecté(s): 100

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\BootStera (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\www.rapid-pass.net (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.5ZGMU7O20KT5D8YQ.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.5ZGMU7O20KT5D8YQ.com\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos\beurettes (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.rapid-pass.net (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\rhct84j0e785\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311637.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311629.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311630.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311631.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311632.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311633.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311634.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311635.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8B26E68C-EAC6-4030-A534-10211A3E8170}\RP766\A0311636.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Acces-Sex.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Acces-Sex.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\sexe69.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons\Acces-Sex.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons\sexe69.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-external-api.dlv4.com\js\0d5a07f8f714187329300d1e3582eac7 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\Common\9a139172888eb350b46e1f52016875cc.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\1\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\es6-scripts.dlv4.com\custom\4102\FR\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\589403806\www.rapid-pass.net\8a7d78d1e1e513ca5c4658a6d088b8bc (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-external-api.dlv4.com\js\989143010427cbf3954b1d39c4334d7d (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\Common\cf41b3cb6f53310682d339367c808fcf.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\1\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\es6-scripts.dlv4.com\custom\4102\FR\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\e4d645669e44dc918c510566d92866a2.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\img\pix.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.f5biz.com\dial\htm\photos\beurettes\4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Dialer\824871827\www.rapid-pass.net\6dccd65610936763bdb232a470290fac_ (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\3804_dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060514230534\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button1.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button2.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button3.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\button4.jpg (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Multi\20060528230558\medias\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\rhct84j0e785.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhct84j0e785\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphcp84j0e785.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcp84j0e785.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqqrbmphi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wajpmywsi_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yawtesgq_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoczeskmeb_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyspqrg_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zkaojmftao_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqqrbmphi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wajpmywsi_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yawtesgq_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoczeskmeb_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yyspqrg_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zkaojmftao_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\camille\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\rico\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\frédérique\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


Celui par ComboFix :
ComboFix 08-08-06.02 - camille 2008-08-07 11:27:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.583 [GMT 2:00]
Endroit: C:\Documents and Settings\camille\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\rico\Application Data\inst.exe
C:\Program Files\Altnet
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT
C:\Program Files\Need2Find\bar\Cache\[u]0/u0091E3A
C:\Program Files\Need2Find\bar\Cache\files.ini
C:\Program Files\Need2Find\bar\History\search
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\P2P Networking
C:\WINDOWS\system32\P2P Networking\Cache\Database\file-1001-597.sig
C:\WINDOWS\system32\P2P Networking\Cache\Database\index256.dbb
C:\WINDOWS\system32\P2P Networking\P2P Networking.eng
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\zkaojmftao.dat
C:\WINDOWS\system32\zkaojmftao_navtmp.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))))))
.

2008-08-04 21:30 . 2008-08-04 21:46 6,048 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-04 19:15 . 2008-08-04 19:15 <REP> d-------- C:\Documents and Settings\camille\Application Data\TuneUp Software
2008-08-04 19:15 . 2008-08-04 19:15 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-04 19:15 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-04 19:14 . 2008-08-04 19:15 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-04 19:14 . 2008-08-04 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Documents and Settings\camille\Application Data\SUPERAntiSpyware.com
2008-08-04 13:00 . 2008-08-04 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-04 12:50 . 2008-08-04 12:51 <REP> d-------- C:\Program Files\Navilog1
2008-08-04 12:46 . 2008-08-04 12:46 <REP> d-------- C:\Lop SD
2008-08-04 12:43 . 2008-08-04 12:43 <REP> d-------- C:\Program Files\CCleaner
2008-08-04 11:58 . 2008-08-04 11:58 <REP> d-------- C:\Documents and Settings\camille\Application Data\Malwarebytes
2008-08-04 11:58 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 11:58 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 11:57 . 2008-08-07 00:25 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 11:57 . 2008-08-04 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 11:40 . 2008-08-04 11:40 <REP> d-------- C:\Program Files\Trend Micro
2008-08-04 11:17 . 2008-08-04 11:29 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-08-01 17:10 . 2008-08-01 17:10 0 --a------ C:\WINDOWS\system32\D.tmp
2008-07-31 18:40 . 2008-07-31 18:40 <REP> d-------- C:\Documents and Settings\camille\Application Data\Avira
2008-07-31 18:35 . 2008-08-04 20:32 <REP> d-------- C:\Program Files\Avira
2008-07-31 18:35 . 2008-08-04 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-30 13:30 . 2008-07-30 13:30 268 --ah----- C:\sqmdata19.sqm
2008-07-30 13:30 . 2008-07-30 13:30 244 --ah----- C:\sqmnoopt19.sqm
2008-07-30 13:18 . 2008-07-30 13:34 32 --a-s---- C:\WINDOWS\system32\272536097.dat
2008-07-29 21:09 . 2008-07-29 21:09 268 --ah----- C:\sqmdata18.sqm
2008-07-29 21:09 . 2008-07-29 21:09 244 --ah----- C:\sqmnoopt18.sqm
2008-07-28 17:54 . 2008-07-28 17:54 <REP> d-------- C:\Program Files\VSO
2008-07-28 17:54 . 2008-07-28 18:03 <REP> d-------- C:\Documents and Settings\rico\Application Data\Vso
2008-07-28 17:54 . 2008-07-28 17:54 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-28 17:54 . 2008-07-28 17:54 47,360 --a------ C:\Documents and Settings\rico\Application Data\pcouffin.sys
2008-07-25 17:34 . 2008-07-25 17:34 268 --ah----- C:\sqmdata17.sqm
2008-07-25 17:34 . 2008-07-25 17:34 244 --ah----- C:\sqmnoopt17.sqm
2008-07-25 14:40 . 2008-07-25 14:40 <REP> d-------- C:\Documents and Settings\rico\Application Data\ItsLabel
2008-07-24 22:01 . 2008-07-24 22:01 268 --ah----- C:\sqmdata16.sqm
2008-07-24 22:01 . 2008-07-24 22:01 244 --ah----- C:\sqmnoopt16.sqm
2008-07-24 18:05 . 2008-07-24 18:05 <REP> d-------- C:\Documents and Settings\camille\Application Data\ItsLabel
2008-07-24 18:05 . 2008-08-06 11:17 <REP> d-------- C:\Documents and Settings\camille\Application Data\EoRezo
2008-07-24 17:40 . 2008-07-24 17:40 <REP> d-------- C:\Program Files\Rocket Division Software
2008-07-23 20:23 . 2008-08-06 11:17 <REP> d-------- C:\Program Files\EoRezo
2008-07-23 20:23 . 2008-08-06 06:48 <REP> d-------- C:\Documents and Settings\rico\Application Data\EoRezo
2008-07-22 22:39 . 2008-07-22 22:39 172 --ah----- C:\sqmnoopt15.sqm
2008-07-22 22:39 . 2008-07-22 22:39 172 --ah----- C:\sqmdata15.sqm
2008-07-22 15:52 . 2008-07-22 15:52 268 --ah----- C:\sqmdata14.sqm
2008-07-22 15:52 . 2008-07-22 15:52 244 --ah----- C:\sqmnoopt14.sqm
2008-07-18 20:39 . 2008-07-18 20:39 587,264 --a------ C:\WINDOWS\WLXPGSS.SCR

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 09:41 --------- d-----w C:\Documents and Settings\camille\Application Data\OpenOffice.org2
2008-08-07 09:40 --------- d-----w C:\Program Files\eMule
2008-08-07 09:25 --------- d-----w C:\Documents and Settings\camille\Application Data\vmntoolbar
2008-08-06 22:23 --------- d-----w C:\Documents and Settings\rico\Application Data\VMNTOOLBAR
2008-08-06 15:46 --------- d-----w C:\Documents and Settings\rico\Application Data\OpenOffice.org2
2008-08-06 15:46 --------- d-----w C:\Documents and Settings\rico\Application Data\AdobeUM
2008-08-06 09:30 --------- d-----w C:\Documents and Settings\camille\Application Data\LimeWire
2008-08-06 09:16 --------- d-----w C:\Program Files\InterActual
2008-08-04 17:13 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-03 09:58 1,796 ----a-w C:\Documents and Settings\rico\Application Data\wklnhst.dat
2008-08-02 16:19 --------- d-----w C:\Program Files\FinePixViewer
2008-07-28 15:58 --------- d-----w C:\Documents and Settings\rico\Application Data\Ahead
2008-07-25 13:46 --------- d-----w C:\Documents and Settings\rico\Application Data\LimeWire
2008-07-12 16:53 12,830 ----a-w C:\Documents and Settings\camille\Application Data\wklnhst.dat
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-24 03:51 7 ----a-w C:\Documents and Settings\rico\license.bin
2007-10-16 22:04 4,823,189 ----a-w C:\Documents and Settings\rico\pPokerSetup.exe
2007-03-08 17:33 10,823 ---ha-w C:\Program Files\GIFAnimator.GID
2006-10-10 17:41 578 ----a-w C:\Documents and Settings\marie\Application Data\wklnhst.dat
2006-08-30 21:26 536,064 ----a-w C:\Program Files\GIFAnimator.exe
2006-08-30 21:26 248 ----a-w C:\Program Files\GIFAnimator.cnt
2006-08-30 21:26 17,642 ----a-w C:\Program Files\GIFAnimator.hlp
2006-08-30 21:26 10,752 ----a-w C:\Program Files\README.WRI
2006-01-26 15:13 28,672 ----a-w C:\Documents and Settings\rico\LicenceWM.exe
2007-01-02 16:13 8 --sh--r C:\WINDOWS\system32\4D491A983E.sys
2007-01-02 16:14 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-01-01 19:57 40960]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2005-07-26 15:12 4771840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-11 16:29 5562368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winaf50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wincg51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windh26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winej04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfk62.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm37.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm03.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winin72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjn83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlp04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlq50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlq72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winns50.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnv06.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winos61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winot83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winpu37.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqv83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winqw48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw37.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrw40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winrx63.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsa30.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx52.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winty61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winua48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb26.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb48.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvb61.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd15.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxc83.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winxd04.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winye72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-01-03 20:24]
R0 RITCPT;RITCPT;C:\WINDOWS\system32\drivers\RITCPT.sys [2004-09-21 17:39]
R0 VVBackd5;VVBackd5;C:\WINDOWS\system32\drivers\VVBackd5.sys [2004-09-21 17:39]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14:00]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-09-19 13:24]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-09-19 13:24]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 FBAPI;FBAPI;C:\WINDOWS\system32\drivers\FBAPI.sys []
S3 PsShutdownSvc;PsShutdown;C:\WINDOWS\System32\PSSDNSVC.EXE [2005-07-11 18:23]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-04 19:15]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 Winaf48;Winaf48;C:\WINDOWS\System32\drivers\Winaf48.sys []
S3 Winaf50;Winaf50;C:\WINDOWS\System32\drivers\Winaf50.sys []
S3 Windh15;Windh15;C:\WINDOWS\System32\drivers\Windh15.sys []
S3 Windh26;Windh26;C:\WINDOWS\System32\drivers\Windh26.sys []
S3 Windi26;Windi26;C:\WINDOWS\System32\drivers\Windi26.sys []
S3 Windj41;Windj41;C:\WINDOWS\System32\drivers\Windj41.sys []
S3 Winfk40;Winfk40;C:\WINDOWS\System32\drivers\Winfk40.sys []
S3 Wingm37;Wingm37;C:\WINDOWS\System32\drivers\Wingm37.sys []
S3 Winin72;Winin72;C:\WINDOWS\System32\drivers\Winin72.sys []
S3 Winlp04;Winlp04;C:\WINDOWS\System32\drivers\Winlp04.sys []
S3 Winmr61;Winmr61;C:\WINDOWS\System32\drivers\Winmr61.sys []
S3 Winnv06;Winnv06;C:\WINDOWS\System32\drivers\Winnv06.sys []
S3 Winos61;Winos61;C:\WINDOWS\System32\drivers\Winos61.sys []
S3 Winpu04;Winpu04;C:\WINDOWS\System32\drivers\Winpu04.sys []
S3 Winpu37;Winpu37;C:\WINDOWS\System32\drivers\Winpu37.sys []
S3 Winqv83;Winqv83;C:\WINDOWS\System32\drivers\Winqv83.sys []
S3 Winqw48;Winqw48;C:\WINDOWS\System32\drivers\Winqw48.sys []
S3 Winrw37;Winrw37;C:\WINDOWS\System32\drivers\Winrw37.sys []
S3 Winsx72;Winsx72;C:\WINDOWS\System32\drivers\Winsx72.sys []
S3 Winty61;Winty61;C:\WINDOWS\System32\drivers\Winty61.sys []
S3 Winua48;Winua48;C:\WINDOWS\System32\drivers\Winua48.sys []
S3 Winxc83;Winxc83;C:\WINDOWS\System32\drivers\Winxc83.sys []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2ea233f-f2d9-11d9-8563-806d6172696f}]
\shell\PlayWithPowerDVD\Command - "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-07 C:\WINDOWS\Tasks\AEDFB92F9184295B.job
- c:\docume~1\frdriq~1\applic~1\flawcomp\Dash media kind.exe []

2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2008-08-07 C:\WINDOWS\Tasks\B43C41809147ED5C.job
- c:\docume~1\ric~1\applic~1\flawcomp\Dash media kind.exe []

2008-08-07 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

2008-08-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7952CC5F-C165-4ECC-9F53-79CB0E6C8B77}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -

BHO-{23CC34FB-8CB2-0BB4-88B5-C5CD509AC1A4} - C:\DOCUME~1\RIC~1\APPLIC~1\LESSMO~1\DebugThe.exe
HKLM-Run-EoEngine - (no file)
HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://fr.yahoo.com/
O8 -: &Traduire à partir de l'anglais - C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Pages liées - C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 -: Pages similaires - C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 -: Recherche &Google - C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 -: Version de la page actuelle disponible dans le cache Google - C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O16 -: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2mail.com/static/apps/utils/AccountHelper.cab
C:\WINDOWS\Downloaded Program Files\Account.inf
C:\WINDOWS\Downloaded Program Files\Account.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 11:38:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\avast!wscsvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BITSlanmanworkstation]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\btwdinslanmanserver]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ClipSrvSysmonLog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CreativeRDSessMgr]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DcomLaunchNtmsSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmadminEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmservernavapsvcCryptSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventlogSwPrvSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystemClipSrvSysmonLog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserverdmadminEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHostswuauserv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerEventlog]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MessengerEventlogSSDPSRV]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvcImapiService]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvcImapiServiceProtectedStorage]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServerWudfSvcWebClient]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\navapsvcCryptSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgentSAVScan]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PsShutdownSvcSpooler]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVScanPsShutdownSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SAVScanPsShutdownSvcSSDPSRV]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SBServiceRasAuto]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SBServiceSSDPSRVavast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENSSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccessTrkWks]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srserviceTrkWksWebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRVavast!Browser]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrvSamSs]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksTapiSrv]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWksWebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClientxmlprov]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSNccPwdSvc]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvaspnet_state]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrvaspnet_stateRpcLocator]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvc Antivirus]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfSvcWebClient]
"ImagePath"="ð%€|x\[u]0/u1\[u]0/u9 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-07 11:50:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-07 09:50:34

Pre-Run: 109,079,846,912 octets libres
Post-Run: 110,543,421,440 octets libres

458 --- E O F --- 2008-08-07 01:02:58


Voilà par contre le rapport dans C:\Combofix.txt c'est exactement le même que celui là je n'en ai pas d'autre. Merci de passer autant de temps à m'aider !
0
Réponse 6 / 9
IronVI Messages postés 72 Date d'inscription lundi 28 juillet 2008 Statut Membre Dernière intervention 7 août 2008 7
7 août 2008 à 16:27
Oulaaaa le nombre d'infections

refait un hijackthis
0
Réponse 7 / 9
Camille30 Messages postés 7 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 8 septembre 2008
7 août 2008 à 16:33
Heu lol tant que ça ?
Voilà le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:52, on 07/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: MediaChecker.lnk = C:\Program Files\HOTALBUMMyBOX\MediaChecker.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office2K\Office\OSA9.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3ACD4A0-0863-4A57-8D09-444A4D38BB25}: NameServer = 86.64.145.143 84.103.237.143
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! Web Scanner avast!Browser (avast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: avast! Mail Scanner avast!wscsvc (avast!wscsvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de transfert intelligent en arrière-plan BITSlanmanworkstation (BITSlanmanworkstation) - Unknown owner - C:\WINDOWS\
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Bluetooth Service btwdinslanmanserver (btwdinslanmanserver) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Gestionnaire de l'Album ClipSrvSysmonLog (ClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Service for CDROM Access CreativeRDSessMgr (CreativeRDSessMgr) - Unknown owner - C:\WINDOWS\
O23 - Service: Lanceur de processus serveur DCOM DcomLaunchNtmsSvc (DcomLaunchNtmsSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Service d'administration du Gestionnaire de disque logique dmadminEventlog (dmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Gestionnaire de disque logique dmservernavapsvcCryptSvc (dmservernavapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Journal des événements EventlogSwPrvSamSs (EventlogSwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Système d'événements de COM+ EventSystemClipSrvSysmonLog (EventSystemClipSrvSysmonLog) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Serveur lanmanserverdmadminEventlog (lanmanserverdmadminEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Assistance TCP/IP NetBIOS LmHostswuauserv (LmHostswuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog (MessengerEventlog) - Unknown owner - C:\WINDOWS\
O23 - Service: Affichage des messages MessengerEventlog MessengerEventlogSSDPSRV (MessengerEventlogSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvc Antivirus (mnmsrvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService (mnmsrvcImapiService) - Unknown owner - C:\WINDOWS\
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcImapiService mnmsrvcImapiServiceProtectedStorage (mnmsrvcImapiServiceProtectedStorage) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Installer MSIServerWudfSvcWebClient (MSIServerWudfSvcWebClient) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect navapsvcCryptSvc (navapsvcCryptSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Services IPSEC PolicyAgentSAVScan (PolicyAgentSAVScan) - Unknown owner - C:\WINDOWS\
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: PsShutdown PsShutdownSvcSpooler (PsShutdownSvcSpooler) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: SAVScan SAVScanPsShutdownSvc (SAVScanPsShutdownSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: SAVScan SAVScanPsShutdownSvc SAVScanPsShutdownSvcSSDPSRV (SAVScanPsShutdownSvcSSDPSRV) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: ScriptBlocking Service SBServiceRasAuto (SBServiceRasAuto) - Unknown owner - C:\WINDOWS\
O23 - Service: ScriptBlocking Service SBServiceSSDPSRVavast!Browser (SBServiceSSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: Notification d'événement système SENSSamSs (SENSSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Pare-feu Windows / Partage de connexion Internet SharedAccessTrkWks (SharedAccessTrkWks) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de restauration système srserviceTrkWksWebClientxmlprov (srserviceTrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de découvertes SSDP SSDPSRVavast!Browser (SSDPSRVavast!Browser) - Unknown owner - C:\WINDOWS\
O23 - Service: MS Software Shadow Copy Provider SwPrvSamSs (SwPrvSamSs) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksTapiSrv (TrkWksTapiSrv) - Unknown owner - C:\WINDOWS\
O23 - Service: Client de suivi de lien distribué TrkWksWebClientxmlprov (TrkWksWebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WebClient WebClient Antivirus (WebClient Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: WebClient WebClientxmlprov (WebClientxmlprov) - Unknown owner - C:\WINDOWS\
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNccPwdSvc (WmdmPmSNccPwdSvc) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state (WmiApSrvaspnet_state) - Unknown owner - C:\WINDOWS\
O23 - Service: Carte de performance WMI WmiApSrvaspnet_state WmiApSrvaspnet_stateRpcLocator (WmiApSrvaspnet_stateRpcLocator) - Unknown owner - C:\WINDOWS\
O23 - Service: Service Partage réseau du Lecteur Windows Media WMPNetworkSvc Antivirus (WMPNetworkSvc Antivirus) - Unknown owner - C:\WINDOWS\
O23 - Service: Windows Driver Foundation - User-mode Driver Framework WudfSvcWebClient (WudfSvcWebClient) - Unknown owner - C:\WINDOWS\
0
Réponse 8 / 9
IronVI Messages postés 72 Date d'inscription lundi 28 juillet 2008 Statut Membre Dernière intervention 7 août 2008 7
7 août 2008 à 20:33
Y'a rien, toujours des problèmes ?
0
Réponse 9 / 9
Camille30 Messages postés 7 Date d'inscription lundi 4 août 2008 Statut Membre Dernière intervention 8 septembre 2008
7 août 2008 à 21:56
Ben non apparement mon ordinateur remarche je n'ai plus rien qui déconne, mais tu m'as dis que j'avais beaucoup d'infection ?
En tout cas merci beaucoup de ton aide :D
0

Discussions similaires

Désinstaller Opera
Web. -
Web. -

3 réponses
Google Chrome "  Échec de l'analyse antivirus "
jmpower -
Coco71 -

15 réponses