A voir également:
- Je suis pris avec virusremover2008
- Mon ordinateur a pris l'eau et ne s'allume plus ✓ - Forum Matériel & Système
- Mode non pris en charge tv samsung - Forum Samsung
- Signal "mode non pris en charge" après installation du decodeur ✓ - Forum TNT / Satellite / Réception
- Mon pc reçois de l'eau et ne s'allume plus - Forum Clavier
- Brancher enceinte sur tv avec prise jack - Forum Enceintes / HiFi
8 réponses
Salut,
Télécharge HijackThis (outils de dignostic) ici :
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
Télécharge HijackThis (outils de dignostic) ici :
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
-----------\\ ToolBar S&D 1.2.2 XP/Vista
Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : voyou ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 450 Go Free : 346 Go
D:\ (Local Disk) - NTFS - Total : 14 Go Free : 5 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [1] ( 2008-10-13|20:35 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\SrchAstt
C:\Users\voyou\AppData\Roaming\MICROS~1\Windows\Cookies\voyou@mysearch[1].txt
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-13|20:36 - Option : [1]
-----------\\ Fin du rapport a 20:36:53,06
Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : voyou ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 450 Go Free : 346 Go
D:\ (Local Disk) - NTFS - Total : 14 Go Free : 5 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [1] ( 2008-10-13|20:35 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\SrchAstt
C:\Users\voyou\AppData\Roaming\MICROS~1\Windows\Cookies\voyou@mysearch[1].txt
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-13|20:36 - Option : [1]
-----------\\ Fin du rapport a 20:36:53,06
Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste so n contenu ici.
NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste so n contenu ici.
NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.
-----------\\ ToolBar S&D 1.2.2 XP/Vista
Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : voyou ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 450 Go Free : 346 Go
D:\ (Local Disk) - NTFS - Total : 14 Go Free : 5 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [2] ( 2008-10-13|20:43 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskTBar\bar
Echec ! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\Users\voyou\AppData\Roaming\MICROS~1\Windows\Cookies\voyou@mysearch[1].txt
Echec ! - C:\Program Files\AskTBar
-----------\\ DEUXIEME PASSAGE
Echec ! - C:\Program Files\AskTBar\SrchAstt
Echec ! - C:\Program Files\AskTBar
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-13|20:36 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-10-13|20:45 - Option : [2]
-----------\\ Fin du rapport a 20:45:07,06
Microsoft® Windows Vista™ Édition Intégrale ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A03
USER : voyou ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total : 450 Go Free : 346 Go
D:\ (Local Disk) - NTFS - Total : 14 Go Free : 5 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [2] ( 2008-10-13|20:43 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskTBar\bar
Echec ! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\Users\voyou\AppData\Roaming\MICROS~1\Windows\Cookies\voyou@mysearch[1].txt
Echec ! - C:\Program Files\AskTBar
-----------\\ DEUXIEME PASSAGE
Echec ! - C:\Program Files\AskTBar\SrchAstt
Echec ! - C:\Program Files\AskTBar
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-13|20:36 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 2008-10-13|20:45 - Option : [2]
-----------\\ Fin du rapport a 20:45:07,06
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
ensuite :
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
ensuite :
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
Folder move failed. C:\Program Files\AskTBar\SrchAstt\1.bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskTBar\SrchAstt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskTBar\SrchAstt\1.bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskTBar\SrchAstt scheduled to be moved on reboot.
C:\Program Files\AskTBar\bar\History moved successfully.
C:\Program Files\AskTBar\bar\Cache moved successfully.
C:\Program Files\AskTBar\bar moved successfully.
Folder move failed. C:\Program Files\AskTBar scheduled to be moved on reboot.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_205930
Folder move failed. C:\Program Files\AskTBar\SrchAstt scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskTBar\SrchAstt\1.bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskTBar\SrchAstt scheduled to be moved on reboot.
C:\Program Files\AskTBar\bar\History moved successfully.
C:\Program Files\AskTBar\bar\Cache moved successfully.
C:\Program Files\AskTBar\bar moved successfully.
Folder move failed. C:\Program Files\AskTBar scheduled to be moved on reboot.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10132008_205930
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1267
Windows 6.0.6001 Service Pack 1
2008-10-13 22:41:17
mbam-log-2008-10-13 (22-41-17).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 221333
Temps écoulé: 1 hour(s), 27 minute(s), 4 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
C:\ProgramData\mlgvqvib\glwlojil.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Users\voyou\AppData\Local\Temp\video234.cfg.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SystemInit (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b2iuwvy8qw (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xdsfass (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Roaming\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Roaming\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\ProgramData\mlgvqvib\glwlojil.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NZ7O4ZT\9llCJ4amiU[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Roaming\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Local\Temp\video234.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Local\Temp\video234.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\voyou\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\voyou\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
Version de la base de données: 1267
Windows 6.0.6001 Service Pack 1
2008-10-13 22:41:17
mbam-log-2008-10-13 (22-41-17).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 221333
Temps écoulé: 1 hour(s), 27 minute(s), 4 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
C:\ProgramData\mlgvqvib\glwlojil.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Users\voyou\AppData\Local\Temp\video234.cfg.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SystemInit (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b2iuwvy8qw (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xdsfass (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSFox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Roaming\VirusRemover2008 (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Roaming\VirusRemover2008\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\ProgramData\mlgvqvib\glwlojil.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5NZ7O4ZT\9llCJ4amiU[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Roaming\VirusRemover2008\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Local\Temp\video234.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\voyou\AppData\Local\Temp\video234.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\voyou\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\voyou\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
réouvre malewarebyte
va sur quarantaine
supprime tout
fais un clic droit sur hijackthis
choisi executer en tant qu administrateur
et refais un scan et post le rapport stp
va sur quarantaine
supprime tout
fais un clic droit sur hijackthis
choisi executer en tant qu administrateur
et refais un scan et post le rapport stp
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:47:54, on 2008-10-14
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sympatico.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\jo!!\AppData\Local\Temp\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\~DF810C.tmp C:\Users\jo!!\AppData\Local\Temp\~DF778B.tmp C:\Users\jo!!\AppData\Local\Temp\~DF4510.tmp C:\Users\jo!!\AppData\Local\Temp\~DF402C.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\jo!!\AppData\Local\Temp\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\~DF810C.tmp C:\Users\jo!!\AppData\Local\Temp\~DF778B.tmp C:\Users\jo!!\AppData\Local\Temp\~DF4510.tmp C:\Users\jo!!\AppData\Local\Temp\~DF402C.tmp (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: McAfee Application Installer Cleanup (0325171223981202) (0325171223981202mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\032517~1.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Scan saved at 06:47:54, on 2008-10-14
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sympatico.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\jo!!\AppData\Local\Temp\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\~DF810C.tmp C:\Users\jo!!\AppData\Local\Temp\~DF778B.tmp C:\Users\jo!!\AppData\Local\Temp\~DF4510.tmp C:\Users\jo!!\AppData\Local\Temp\~DF402C.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\jo!!\AppData\Local\Temp\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\~DF810C.tmp C:\Users\jo!!\AppData\Local\Temp\~DF778B.tmp C:\Users\jo!!\AppData\Local\Temp\~DF4510.tmp C:\Users\jo!!\AppData\Local\Temp\~DF402C.tmp (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: McAfee Application Installer Cleanup (0325171223981202) (0325171223981202mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\032517~1.EXE
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
ComboFix 08-10-12.01 - voyou 2008-10-14 7:01:41.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1872 [GMT -4:00]
Lancé depuis: C:\Users\voyou\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\voyou\Documents\My Documents.url
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 07:06 . 2008-10-14 07:06 <REP> d-------- C:\Users\voyou\AppData\Roaming\agi
2008-10-13 21:06 . 2008-10-13 21:06 <REP> d-------- C:\Users\All Users\srvchk
2008-10-13 21:06 . 2008-10-13 21:06 <REP> d-------- C:\ProgramData\srvchk
2008-10-13 20:59 . 2008-10-13 20:59 <REP> d-------- C:\_OTMoveIt
2008-10-13 20:34 . 2008-10-13 20:45 <REP> d-------- C:\ToolBar SD
2008-10-13 20:28 . 2008-10-13 20:28 <REP> d-------- C:\Program Files\Trend Micro
2008-10-13 19:34 . 2008-10-13 19:34 <REP> d-------- C:\Users\voyou\AppData\Roaming\Malwarebytes
2008-10-13 19:34 . 2008-10-13 19:34 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-13 19:34 . 2008-10-13 19:34 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-13 19:34 . 2008-10-13 21:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:34 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-13 19:34 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-13 19:23 . 2008-10-13 19:23 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-13 18:23 . 2008-10-13 18:23 <REP> d-------- C:\Users\All Users\ChkSet
2008-10-13 18:23 . 2008-10-13 18:23 <REP> d-------- C:\ProgramData\ChkSet
2008-10-13 16:45 . 2008-10-13 16:45 <REP> d-------- C:\Users\All Users\SetChk
2008-10-13 16:45 . 2008-10-13 16:45 <REP> d-------- C:\ProgramData\SetChk
2008-10-12 20:59 . 2008-10-12 20:59 <REP> d-------- C:\Users\All Users\monmnt
2008-10-12 20:59 . 2008-10-12 20:59 <REP> d-------- C:\ProgramData\monmnt
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\Users\All Users\winset
2008-10-12 20:02 . 2008-10-13 22:41 <REP> d-------- C:\Users\All Users\mlgvqvib
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\Users\All Users\CfgStrHlp
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\ProgramData\winset
2008-10-12 20:02 . 2008-10-13 22:41 <REP> d-------- C:\ProgramData\mlgvqvib
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\ProgramData\CfgStrHlp
2008-10-12 08:37 . 2008-10-12 08:37 <REP> d-------- C:\Windows\System32\AGEIA
2008-10-12 08:37 . 2008-10-12 08:37 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 08:37 . 2008-10-12 08:37 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-10-12 08:33 . 2008-10-12 08:33 <REP> d-------- C:\NVIDIA
2008-10-04 18:55 . 2008-10-04 18:55 <REP> d-------- C:\Users\voyou\AppData\Roaming\GTek
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\Program Files\iTunes
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\Program Files\iPod
2008-10-02 13:28 . 2008-10-02 13:28 <REP> d-------- C:\Windows\System32\Dell
2008-10-02 13:23 . 2008-10-02 13:23 <REP> d--h----- C:\Users\jo!!\AppData\Roaming\GTek
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Videos
2008-10-02 13:23 . 2006-11-02 06:23 <REP> d-------- C:\Users\IUSR_NMPR\Saved Games
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Pictures
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Music
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Links
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Downloads
2008-10-02 13:23 . 2008-10-02 13:23 <REP> dr------- C:\Users\IUSR_NMPR\Documents
2008-10-02 13:23 . 2006-11-02 07:18 <REP> d--h----- C:\Users\IUSR_NMPR\AppData
2008-10-02 13:23 . 2008-10-02 13:23 <REP> d--h----- C:\Users\IUSR_NMPR
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\Users\Public\IntelDH
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\Users\All Users\Intel
2008-10-02 13:22 . 2008-10-02 13:36 <REP> d-------- C:\Users\All Users\Gtek
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\ProgramData\Intel
2008-10-02 13:22 . 2008-10-02 13:36 <REP> d-------- C:\ProgramData\Gtek
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\Program Files\Common Files\Intel
2008-10-02 13:18 . 2008-10-02 13:18 <REP> d-------- C:\Windows\Downloaded Installations
2008-10-02 13:18 . 2008-10-02 13:18 5,632 --a------ C:\Windows\System32\drivers\IntelDH.sys
2008-09-30 23:34 . 2008-08-17 06:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-09-25 20:34 . 2008-09-25 20:34 <REP> d-------- C:\Users\voyou\AppData\Roaming\PeerNetworking
2008-09-25 14:45 . 2008-09-25 14:46 <REP> d-------- C:\Users\voyou\AppData\Roaming\OpenOffice.org2
2008-09-21 13:04 . 2008-09-21 13:04 <REP> d-------- C:\Program Files\DNA
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Users\jo!!\AppData\Roaming\agi
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Users\All Users\Kiwee Toolbar
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Users\All Users\agi
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\ProgramData\Kiwee Toolbar
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\ProgramData\agi
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Program Files\AGI
2008-09-18 22:40 . 2008-09-18 22:40 2,117,632 --a------ C:\Windows\System32\python25.dll
2008-09-18 22:40 . 2008-09-16 12:26 1,332,197 --a------ C:\Windows\System32\pythondll.zip
2008-09-18 22:40 . 2008-09-18 22:40 339,968 --a------ C:\Windows\System32\pythoncom25.dll
2008-09-18 22:40 . 2008-09-18 22:40 114,688 --a------ C:\Windows\System32\pywintypes25.dll
2008-09-17 18:16 . 2008-09-17 18:16 <REP> d-------- C:\Program Files\Ihsv
2008-09-16 20:30 . 2008-09-16 20:30 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-16 19:59 . 2008-09-16 19:59 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-15 20:11 . 2008-09-15 20:11 <REP> d-------- C:\Users\All Users\Trymedia
2008-09-15 20:11 . 2008-09-15 20:11 <REP> d-------- C:\ProgramData\Trymedia
2008-09-15 19:23 . 2008-09-15 19:27 <REP> d-------- C:\Program Files\IZArc
2008-09-15 19:14 . 2008-09-15 19:14 <REP> d-------- C:\Program Files\QuickZip4
2008-09-14 08:56 . 2008-09-14 08:56 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-09-14 08:56 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-14 08:56 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-14 08:55 . 2008-09-14 08:55 <REP> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 11:01 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-14 11:01 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-14 10:46 --------- d-----w C:\Program Files\McAfee
2008-10-14 00:43 --------- d-----w C:\Program Files\AskTBar
2008-10-13 22:30 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-10-13 22:18 --------- d-----w C:\Users\jo!!\AppData\Roaming\OpenOffice.org2
2008-10-12 12:40 --------- d-----w C:\ProgramData\NVIDIA
2008-10-07 22:56 --------- d-----w C:\Users\jo!!\AppData\Roaming\LimeWire
2008-10-06 23:46 --------- d-----w C:\Program Files\Google
2008-10-06 22:54 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-03 20:32 --------- d-----w C:\ProgramData\Apple Computer
2008-10-02 17:28 --------- d-----w C:\Program Files\Dell
2008-10-02 17:22 --------- d-----w C:\Program Files\Intel
2008-10-02 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 14:29 --------- d-----w C:\ProgramData\Roxio
2008-09-17 00:37 --------- d-----w C:\Users\jo!!\AppData\Roaming\ZoomBrowser EX
2008-09-17 00:32 --------- d-----w C:\ProgramData\ZoomBrowser
2008-09-15 22:36 155,995 ----a-w C:\Windows\java\Packages\VDBRPJTR.ZIP
2008-09-15 18:01 --------- d-----w C:\Users\jo!!\AppData\Roaming\Zylom
2008-09-14 12:55 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-14 12:55 --------- d-----w C:\Program Files\Bonjour
2008-09-11 13:08 174 --sha-w C:\Program Files\desktop.ini
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Mail
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Journal
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Defender
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Calendar
2008-09-11 12:38 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-11 12:38 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-11 12:20 --------- d-----w C:\ProgramData\WLInstaller
2008-09-09 15:05 --------- d-----w C:\Program Files\MP3 Player Utilities 3.81
2008-09-09 14:05 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-07 23:18 --------- d-----w C:\ProgramData\Messenger Plus!
2008-09-04 13:31 288,024 ----a-w C:\Windows\System32\PhysXCplUI.exe
2008-09-01 13:25 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-29 14:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-29 12:57 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll
2008-08-27 15:45 --------- d-----w C:\Users\voyou\AppData\Roaming\LimeWire
2008-08-24 22:18 --------- d-----w C:\Users\voyou\AppData\Roaming\TypingMaster7
2008-08-23 04:35 453,152 ----a-w C:\Windows\System32\nvuninst.exe
2008-08-23 04:35 313,888 ----a-w C:\Windows\System32\nvexpbar.dll
2008-08-22 18:01 --------- d-----w C:\Users\jo!!\AppData\Roaming\TypingMaster7
2008-08-19 05:27 --------- d-----w C:\ProgramData\Cyberlink
2008-08-19 00:58 --------- d-----w C:\Users\voyou\AppData\Roaming\Apple Computer
2008-08-19 00:52 --------- d-----w C:\Users\voyou\AppData\Roaming\CyberLink
2008-08-17 21:35 --------- d-----w C:\Users\jo!!\AppData\Roaming\CyberLink
2008-08-17 19:37 --------- d-----w C:\Program Files\CyberLink
2008-08-17 19:36 130,208 ------r C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-08-17 19:32 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-18 23:09 0 ----a-w C:\Users\jo!!\AppData\Roaming\wklnhst.dat
2008-04-18 19:01 74 --sh--r C:\Windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "C:\Program Files\AGI\common\agcutils.dll" [2008-10-14 43520]
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 68856]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2008-01-19 192000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-15 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"OEM05Mon.exe"="C:\Windows\OEM05Mon.exe" [2007-08-22 36864]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"HiYo"="C:\Program Files\HiYo\bin\HiYo.exe" [2008-05-21 143360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]
C:\Users\jo!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-17 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6A8B77D-8D31-48CB-8C1E-8D1BCAC7F73C}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{E9AC27B7-75CA-49E1-80B9-D4BD4D7C9095}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{E0C311FD-CBD3-4E69-9EA6-A47812DDEC1C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{AEEFF8E2-43C7-42E2-B252-CE1CA06E9EFA}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{CAA679AB-F42D-40B9-9654-50188D6F8ADC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CD2B606F-5210-41CE-995B-5DD2B923EDF9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{93942E17-C9AE-4416-8569-9B771C72E4F5}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{29AE368D-745E-4540-9956-8A3571061A08}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{FD4E46A1-878D-45A5-B701-ED9F7431313A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{838D8710-3089-419E-AD19-1B4D54C98E68}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{936DFFED-8BC1-4437-B0A7-721777B00A31}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{E0B97549-E172-4FA8-A5BA-C7D1F59FA02D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{837A3C28-7D78-4DFE-89DE-F565B28FE532}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4C8C49F-458F-4543-94C8-C13CBD6DF401}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{ED3D3DC6-D4EF-4075-A50E-673BCBD872E1}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{73B5EAA8-BA0A-4317-A93A-3336325350D7}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{95958050-0626-41A7-9158-7A116E675AEC}"= C:\Program Files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{2F060B54-B7F3-4539-AE62-4EDE3032B54D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E2B3F9DA-A5F0-4720-B0DA-41A10367A3CA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DFB1731E-6581-4462-B206-715F51D1245D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{13A029FC-28EC-4E4C-ACC0-0CDB9AB930D2}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{0219C8FF-2938-4093-B7FC-1352057478FB}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD05FA75-C2A8-4FE2-B4AF-E212A5CB42D9}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A2D10D7B-CAEF-4614-99D3-542EF23ADCF9}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2ECDB708-E243-4923-A887-A56B10C0147A}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{9F39FD17-091E-457D-AFF2-97F4E1002619}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5DA6C7B0-A3A2-472B-9B74-CB69DD933D8C}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D840763-A51C-4512-A267-0DBE0E92357A}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{97365CBF-1539-4134-9635-A9C6C69633F7}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{3DEE8060-A816-4386-9D35-FC19E10B3E9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{536837CA-2516-465D-B7FC-591639D6043D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8322900F-F0FE-49F8-AE58-F1745251E30A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0AD0E2DD-2461-4C1F-95F0-EEA0175E6661}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 AGWinService;AG Windows Service;C:\Program Files\AGI\common\win32\PythonService.exe [2008-09-18 10240]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R2 NMSCore;Intel(R) NMSCore;C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
R2 QualityManager;Intel(R) Quality Manager;C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-11-20 1034496]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-10-02 5632]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM05Vfx.sys [2007-08-22 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\system32\DRIVERS\OEM05Vid.sys [2007-08-22 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S2 0325171223981202mcinstcleanup;McAfee Application Installer Cleanup (0325171223981202);C:\Windows\TEMP\[u]0/u32517~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [ ]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\Windows\system32\Drivers\OEM05Afx.sys [2007-08-22 141376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-08-15 C:\Windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-09-29 C:\Windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-04-18 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-IncrediMail - C:\Program Files\IncrediMail\bin\IncMail.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.sympatico.com/
R0 -: HKLM-Main,Window Title =
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
C:\Windows\Downloaded Program Files\CONFLICT.1\OSDC5.OSD
C:\Windows\Downloaded Program Files\InstallerControl.dll
C:\Windows\Downloaded Program Files\CONFLICT.1\InstallerControl.dll
O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 07:06:41
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 7:08:05
ComboFix-quarantined-files.txt 2008-10-14 11:07:54
Avant-CF: 371 138 822 144 octets libres
Après-CF: 371,286,343,680 octets libres
325 --- E O F --- 2008-10-01 03:37:07
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1872 [GMT -4:00]
Lancé depuis: C:\Users\voyou\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\voyou\Documents\My Documents.url
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-14 au 2008-10-14 ))))))))))))))))))))))))))))))))))))
.
2008-10-14 07:06 . 2008-10-14 07:06 <REP> d-------- C:\Users\voyou\AppData\Roaming\agi
2008-10-13 21:06 . 2008-10-13 21:06 <REP> d-------- C:\Users\All Users\srvchk
2008-10-13 21:06 . 2008-10-13 21:06 <REP> d-------- C:\ProgramData\srvchk
2008-10-13 20:59 . 2008-10-13 20:59 <REP> d-------- C:\_OTMoveIt
2008-10-13 20:34 . 2008-10-13 20:45 <REP> d-------- C:\ToolBar SD
2008-10-13 20:28 . 2008-10-13 20:28 <REP> d-------- C:\Program Files\Trend Micro
2008-10-13 19:34 . 2008-10-13 19:34 <REP> d-------- C:\Users\voyou\AppData\Roaming\Malwarebytes
2008-10-13 19:34 . 2008-10-13 19:34 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-13 19:34 . 2008-10-13 19:34 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-13 19:34 . 2008-10-13 21:09 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-13 19:34 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-13 19:34 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-13 19:23 . 2008-10-13 19:23 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-13 18:23 . 2008-10-13 18:23 <REP> d-------- C:\Users\All Users\ChkSet
2008-10-13 18:23 . 2008-10-13 18:23 <REP> d-------- C:\ProgramData\ChkSet
2008-10-13 16:45 . 2008-10-13 16:45 <REP> d-------- C:\Users\All Users\SetChk
2008-10-13 16:45 . 2008-10-13 16:45 <REP> d-------- C:\ProgramData\SetChk
2008-10-12 20:59 . 2008-10-12 20:59 <REP> d-------- C:\Users\All Users\monmnt
2008-10-12 20:59 . 2008-10-12 20:59 <REP> d-------- C:\ProgramData\monmnt
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\Users\All Users\winset
2008-10-12 20:02 . 2008-10-13 22:41 <REP> d-------- C:\Users\All Users\mlgvqvib
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\Users\All Users\CfgStrHlp
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\ProgramData\winset
2008-10-12 20:02 . 2008-10-13 22:41 <REP> d-------- C:\ProgramData\mlgvqvib
2008-10-12 20:02 . 2008-10-12 20:02 <REP> d-------- C:\ProgramData\CfgStrHlp
2008-10-12 08:37 . 2008-10-12 08:37 <REP> d-------- C:\Windows\System32\AGEIA
2008-10-12 08:37 . 2008-10-12 08:37 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 08:37 . 2008-10-12 08:37 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-10-12 08:33 . 2008-10-12 08:33 <REP> d-------- C:\NVIDIA
2008-10-04 18:55 . 2008-10-04 18:55 <REP> d-------- C:\Users\voyou\AppData\Roaming\GTek
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\Program Files\iTunes
2008-10-03 16:32 . 2008-10-03 16:32 <REP> d-------- C:\Program Files\iPod
2008-10-02 13:28 . 2008-10-02 13:28 <REP> d-------- C:\Windows\System32\Dell
2008-10-02 13:23 . 2008-10-02 13:23 <REP> d--h----- C:\Users\jo!!\AppData\Roaming\GTek
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Videos
2008-10-02 13:23 . 2006-11-02 06:23 <REP> d-------- C:\Users\IUSR_NMPR\Saved Games
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Pictures
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Music
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Links
2008-10-02 13:23 . 2006-11-02 06:23 <REP> dr------- C:\Users\IUSR_NMPR\Downloads
2008-10-02 13:23 . 2008-10-02 13:23 <REP> dr------- C:\Users\IUSR_NMPR\Documents
2008-10-02 13:23 . 2006-11-02 07:18 <REP> d--h----- C:\Users\IUSR_NMPR\AppData
2008-10-02 13:23 . 2008-10-02 13:23 <REP> d--h----- C:\Users\IUSR_NMPR
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\Users\Public\IntelDH
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\Users\All Users\Intel
2008-10-02 13:22 . 2008-10-02 13:36 <REP> d-------- C:\Users\All Users\Gtek
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\ProgramData\Intel
2008-10-02 13:22 . 2008-10-02 13:36 <REP> d-------- C:\ProgramData\Gtek
2008-10-02 13:22 . 2008-10-02 13:22 <REP> d-------- C:\Program Files\Common Files\Intel
2008-10-02 13:18 . 2008-10-02 13:18 <REP> d-------- C:\Windows\Downloaded Installations
2008-10-02 13:18 . 2008-10-02 13:18 5,632 --a------ C:\Windows\System32\drivers\IntelDH.sys
2008-09-30 23:34 . 2008-08-17 06:33 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-09-25 20:34 . 2008-09-25 20:34 <REP> d-------- C:\Users\voyou\AppData\Roaming\PeerNetworking
2008-09-25 14:45 . 2008-09-25 14:46 <REP> d-------- C:\Users\voyou\AppData\Roaming\OpenOffice.org2
2008-09-21 13:04 . 2008-09-21 13:04 <REP> d-------- C:\Program Files\DNA
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Users\jo!!\AppData\Roaming\agi
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Users\All Users\Kiwee Toolbar
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Users\All Users\agi
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\ProgramData\Kiwee Toolbar
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\ProgramData\agi
2008-09-18 22:40 . 2008-09-18 22:40 <REP> d-------- C:\Program Files\AGI
2008-09-18 22:40 . 2008-09-18 22:40 2,117,632 --a------ C:\Windows\System32\python25.dll
2008-09-18 22:40 . 2008-09-16 12:26 1,332,197 --a------ C:\Windows\System32\pythondll.zip
2008-09-18 22:40 . 2008-09-18 22:40 339,968 --a------ C:\Windows\System32\pythoncom25.dll
2008-09-18 22:40 . 2008-09-18 22:40 114,688 --a------ C:\Windows\System32\pywintypes25.dll
2008-09-17 18:16 . 2008-09-17 18:16 <REP> d-------- C:\Program Files\Ihsv
2008-09-16 20:30 . 2008-09-16 20:30 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-16 19:59 . 2008-09-16 19:59 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-15 20:11 . 2008-09-15 20:11 <REP> d-------- C:\Users\All Users\Trymedia
2008-09-15 20:11 . 2008-09-15 20:11 <REP> d-------- C:\ProgramData\Trymedia
2008-09-15 19:23 . 2008-09-15 19:27 <REP> d-------- C:\Program Files\IZArc
2008-09-15 19:14 . 2008-09-15 19:14 <REP> d-------- C:\Program Files\QuickZip4
2008-09-14 08:56 . 2008-09-14 08:56 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-09-14 08:56 . 2008-04-17 13:12 107,368 --a------ C:\Windows\System32\GEARAspi.dll
2008-09-14 08:56 . 2008-04-17 13:12 15,464 --a------ C:\Windows\System32\drivers\GEARAspiWDM.sys
2008-09-14 08:55 . 2008-09-14 08:55 <REP> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 11:01 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-14 11:01 786,432 --sha-w C:\Users\Invité\NTUSER.DAT
2008-10-14 10:46 --------- d-----w C:\Program Files\McAfee
2008-10-14 00:43 --------- d-----w C:\Program Files\AskTBar
2008-10-13 22:30 --------- d-----w C:\Program Files\MessengerPlus! 3
2008-10-13 22:18 --------- d-----w C:\Users\jo!!\AppData\Roaming\OpenOffice.org2
2008-10-12 12:40 --------- d-----w C:\ProgramData\NVIDIA
2008-10-07 22:56 --------- d-----w C:\Users\jo!!\AppData\Roaming\LimeWire
2008-10-06 23:46 --------- d-----w C:\Program Files\Google
2008-10-06 22:54 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-10-03 20:32 --------- d-----w C:\ProgramData\Apple Computer
2008-10-02 17:28 --------- d-----w C:\Program Files\Dell
2008-10-02 17:22 --------- d-----w C:\Program Files\Intel
2008-10-02 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-21 14:29 --------- d-----w C:\ProgramData\Roxio
2008-09-17 00:37 --------- d-----w C:\Users\jo!!\AppData\Roaming\ZoomBrowser EX
2008-09-17 00:32 --------- d-----w C:\ProgramData\ZoomBrowser
2008-09-15 22:36 155,995 ----a-w C:\Windows\java\Packages\VDBRPJTR.ZIP
2008-09-15 18:01 --------- d-----w C:\Users\jo!!\AppData\Roaming\Zylom
2008-09-14 12:55 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-14 12:55 --------- d-----w C:\Program Files\Bonjour
2008-09-11 13:08 174 --sha-w C:\Program Files\desktop.ini
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Mail
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Journal
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Defender
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Collaboration
2008-09-11 13:02 --------- d-----w C:\Program Files\Windows Calendar
2008-09-11 12:38 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-09-11 12:38 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-09-11 12:20 --------- d-----w C:\ProgramData\WLInstaller
2008-09-09 15:05 --------- d-----w C:\Program Files\MP3 Player Utilities 3.81
2008-09-09 14:05 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-07 23:18 --------- d-----w C:\ProgramData\Messenger Plus!
2008-09-04 13:31 288,024 ----a-w C:\Windows\System32\PhysXCplUI.exe
2008-09-01 13:25 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-29 14:18 87,336 ----a-w C:\Windows\System32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\Windows\System32\dnssd.dll
2008-08-29 12:57 70,936 ----a-w C:\Windows\System32\PhysXLoader.dll
2008-08-27 15:45 --------- d-----w C:\Users\voyou\AppData\Roaming\LimeWire
2008-08-24 22:18 --------- d-----w C:\Users\voyou\AppData\Roaming\TypingMaster7
2008-08-23 04:35 453,152 ----a-w C:\Windows\System32\nvuninst.exe
2008-08-23 04:35 313,888 ----a-w C:\Windows\System32\nvexpbar.dll
2008-08-22 18:01 --------- d-----w C:\Users\jo!!\AppData\Roaming\TypingMaster7
2008-08-19 05:27 --------- d-----w C:\ProgramData\Cyberlink
2008-08-19 00:58 --------- d-----w C:\Users\voyou\AppData\Roaming\Apple Computer
2008-08-19 00:52 --------- d-----w C:\Users\voyou\AppData\Roaming\CyberLink
2008-08-17 21:35 --------- d-----w C:\Users\jo!!\AppData\Roaming\CyberLink
2008-08-17 19:37 --------- d-----w C:\Program Files\CyberLink
2008-08-17 19:36 130,208 ------r C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-08-17 19:32 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-04-18 23:09 0 ----a-w C:\Users\jo!!\AppData\Roaming\wklnhst.dat
2008-04-18 19:01 74 --sh--r C:\Windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "C:\Program Files\AGI\common\agcutils.dll" [2008-10-14 43520]
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 68856]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2008-01-19 192000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 17920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-15 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"OEM05Mon.exe"="C:\Windows\OEM05Mon.exe" [2007-08-22 36864]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-02-13 202544]
"HiYo"="C:\Program Files\HiYo\bin\HiYo.exe" [2008-05-21 143360]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 215256]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\Windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]
C:\Users\jo!!\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-17 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B6A8B77D-8D31-48CB-8C1E-8D1BCAC7F73C}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{E9AC27B7-75CA-49E1-80B9-D4BD4D7C9095}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{E0C311FD-CBD3-4E69-9EA6-A47812DDEC1C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{AEEFF8E2-43C7-42E2-B252-CE1CA06E9EFA}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{CAA679AB-F42D-40B9-9654-50188D6F8ADC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{CD2B606F-5210-41CE-995B-5DD2B923EDF9}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{93942E17-C9AE-4416-8569-9B771C72E4F5}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{29AE368D-745E-4540-9956-8A3571061A08}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{FD4E46A1-878D-45A5-B701-ED9F7431313A}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{838D8710-3089-419E-AD19-1B4D54C98E68}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{936DFFED-8BC1-4437-B0A7-721777B00A31}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{E0B97549-E172-4FA8-A5BA-C7D1F59FA02D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{837A3C28-7D78-4DFE-89DE-F565B28FE532}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D4C8C49F-458F-4543-94C8-C13CBD6DF401}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{ED3D3DC6-D4EF-4075-A50E-673BCBD872E1}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{73B5EAA8-BA0A-4317-A93A-3336325350D7}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{95958050-0626-41A7-9158-7A116E675AEC}"= C:\Program Files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{2F060B54-B7F3-4539-AE62-4EDE3032B54D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E2B3F9DA-A5F0-4720-B0DA-41A10367A3CA}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DFB1731E-6581-4462-B206-715F51D1245D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{13A029FC-28EC-4E4C-ACC0-0CDB9AB930D2}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{0219C8FF-2938-4093-B7FC-1352057478FB}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD05FA75-C2A8-4FE2-B4AF-E212A5CB42D9}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A2D10D7B-CAEF-4614-99D3-542EF23ADCF9}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2ECDB708-E243-4923-A887-A56B10C0147A}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{9F39FD17-091E-457D-AFF2-97F4E1002619}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5DA6C7B0-A3A2-472B-9B74-CB69DD933D8C}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{5D840763-A51C-4512-A267-0DBE0E92357A}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{97365CBF-1539-4134-9635-A9C6C69633F7}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{3DEE8060-A816-4386-9D35-FC19E10B3E9E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{536837CA-2516-465D-B7FC-591639D6043D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8322900F-F0FE-49F8-AE58-F1745251E30A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0AD0E2DD-2461-4C1F-95F0-EEA0175E6661}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 AGWinService;AG Windows Service;C:\Program Files\AGI\common\win32\PythonService.exe [2008-09-18 10240]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R2 NMSCore;Intel(R) NMSCore;C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 5376]
R2 QualityManager;Intel(R) Quality Manager;C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-11-20 1034496]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-10-02 5632]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM05Vfx.sys [2007-08-22 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\system32\DRIVERS\OEM05Vid.sys [2007-08-22 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]
S2 0325171223981202mcinstcleanup;McAfee Application Installer Cleanup (0325171223981202);C:\Windows\TEMP\[u]0/u32517~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini [ ]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;C:\Windows\system32\Drivers\OEM05Afx.sys [2007-08-22 141376]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-08-15 C:\Windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-09-29 C:\Windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-04-18 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-IncrediMail - C:\Program Files\IncrediMail\bin\IncMail.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.sympatico.com/
R0 -: HKLM-Main,Window Title =
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
C:\Windows\Downloaded Program Files\CONFLICT.1\OSDC5.OSD
C:\Windows\Downloaded Program Files\InstallerControl.dll
C:\Windows\Downloaded Program Files\CONFLICT.1\InstallerControl.dll
O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 07:06:41
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-14 7:08:05
ComboFix-quarantined-files.txt 2008-10-14 11:07:54
Avant-CF: 371 138 822 144 octets libres
Après-CF: 371,286,343,680 octets libres
325 --- E O F --- 2008-10-01 03:37:07
Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Fais un clic droit sur toolcleaner
# Choisi executer en tant qu administrateur
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
ESSAi en mode sans echec :
Comment redémarrer en mode sans echec?
Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.
-> Tuto :https://www.malekal.com/demarrer-windows-mode-sans-echec/
Comment redémarrer en mode sans echec?
Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.
-> Tuto :https://www.malekal.com/demarrer-windows-mode-sans-echec/
Scan saved at 20:29:02, on 2008-10-13
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\p2phost.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\OEM05Mon.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HiYo\Bin\HiYo.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\p2phost.exe
C:\Users\voyou\AppData\Local\Temp\video234.cfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\mlgvqvib\glwlojil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\voyou\AppData\Local\Temp\d.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sympatico.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [OEM05Mon.exe] C:\Windows\OEM05Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [Somefox] C:\Users\voyou\AppData\Local\Temp\video234.cfg.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\voyou\AppData\Local\Temp\video234.cfg.exe
O4 - HKCU\..\Run: [B2iUwvy8Qw] C:\ProgramData\mlgvqvib\glwlojil.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\SideBar.exe /autoRun (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'jo!!')
O4 - HKUS\S-1-5-21-1974245746-928127060-914965439-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\jo!!\AppData\Local\Temp\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\~DF810C.tmp C:\Users\jo!!\AppData\Local\Temp\~DF778B.tmp C:\Users\jo!!\AppData\Local\Temp\~DF4510.tmp C:\Users\jo!!\AppData\Local\Temp\~DF402C.tmp (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\jo!!\AppData\Local\Temp\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\Low\HSPERF~1.SH! C:\Users\jo!!\AppData\Local\Temp\~DF810C.tmp C:\Users\jo!!\AppData\Local\Temp\~DF778B.tmp C:\Users\jo!!\AppData\Local\Temp\~DF4510.tmp C:\Users\jo!!\AppData\Local\Temp\~DF402C.tmp (User 'Default user')
O4 - S-1-5-21-1974245746-928127060-914965439-1000 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'jo!!')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:34:30, on 14/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TS2009\scan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Killak - {1F88A6F5-908C-4C28-9A81-829953C5F5C5} - C:\WINDOWS\System32\MSYSAM~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [BroadcomWireless] C:\Program Files\Broadcom\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe