Sujet Précédent Sujet Suivant

Virus Alert!

Résolu
Micro -  
 Micro -
Bonjour,
Suite à plusieurs consultations de votre forum au sujet du fameux virus ''Virus Alert!'',
je n'ai pu régler mon problème.
Le virus m'a bloqué l'accès au gestionnaire des tâches et au Poste de Travail.
J'ai essayé de formaté mais je ne m'en souvient plus très bien et la nouvelle politique de Dell m'obllige à payer 69$ pour me faire aider. Merci de votre aide qui me sera sans doute très précieuse,

-Cordialement Micro
A voir également:

91 réponses

Précédent
Réponse 41 / 91
Micro
 
ComboFix 08-10-18.03 - Micro 2008-10-18 20:46:07.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.590 [GMT -4:00]
Lancé depuis: C:\Documents and Settings\Micro\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Micro\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
C:\WINDOWS\system32\chgpafqn.exe
C:\WINDOWS\system32\iplstz.dll
C:\WINDOWS\system32\ubuhmrmz.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ahsjcdul
C:\Documents and Settings\All Users\Application Data\ahsjcdul\wtupcfyz.exe
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\SDFix
C:\SDFix\Add_DBFix_RunOnce_key.inf
C:\SDFix\AdminCheck2.txt
C:\SDFix\apps\assosfix.reg
C:\SDFix\apps\Cghtme.exe
C:\SDFix\apps\clb1.txt
C:\SDFix\apps\cliptext.exe
C:\SDFix\apps\CSweg.exe
C:\SDFix\apps\DBFix.inf
C:\SDFix\apps\download.exe
C:\SDFix\apps\dummy.sys
C:\SDFix\apps\Enable_Command_Prompt.inf
C:\SDFix\apps\Enable_Command_Prompt.reg
C:\SDFix\apps\ERDNT.E_E
C:\SDFix\apps\ERDNTDOS.LOC
C:\SDFix\apps\ERDNTWIN.LOC
C:\SDFix\apps\ERUNT.EXE
C:\SDFix\apps\ERUNT.LOC
C:\SDFix\apps\fix.reg
C:\SDFix\apps\FixBeep.reg
C:\SDFix\apps\FixBH.reg
C:\SDFix\apps\FixComponents.reg
C:\SDFix\apps\FIXCU.reg
C:\SDFix\apps\FIXLM.reg
C:\SDFix\apps\FixPath.exe
C:\SDFix\apps\FixRedir.reg
C:\SDFix\apps\FixSchedule.reg
C:\SDFix\apps\FixWebCheck.reg
C:\SDFix\apps\fixXP.reg
C:\SDFix\apps\FixXPsp2.reg
C:\SDFix\apps\grep.exe
C:\SDFix\apps\HaxdFix.reg
C:\SDFix\apps\HPFix.reg
C:\SDFix\apps\HPFix2.reg
C:\SDFix\apps\HPFix3.reg
C:\SDFix\apps\HPFix4.reg
C:\SDFix\apps\HPFix5.reg
C:\SDFix\apps\HPFix6.reg
C:\SDFix\apps\HPFix7.reg
C:\SDFix\apps\HPFix8.reg
C:\SDFix\apps\HPFix9.reg
C:\SDFix\apps\Installed.txt
C:\SDFix\apps\isadmin.exe
C:\SDFix\apps\leg2.txt
C:\SDFix\apps\legacy.txt
C:\SDFix\apps\legacybk.txt
C:\SDFix\apps\locate.com
C:\SDFix\apps\LS.exe
C:\SDFix\apps\MD5File.exe
C:\SDFix\apps\moveex.exe
C:\SDFix\apps\MyGcpvFix.reg
C:\SDFix\apps\MyGkFix2.reg
C:\SDFix\apps\Process.exe
C:\SDFix\apps\procs.exe
C:\SDFix\apps\psservice.exe
C:\SDFix\apps\Rem.txt
C:\SDFix\apps\Rem2.txt
C:\SDFix\apps\Replace\regedit.exe
C:\SDFix\apps\Replace\w2k\AUTOEXEC.NT
C:\SDFix\apps\Replace\w2k\beep.sys
C:\SDFix\apps\Replace\w2k\command.com
C:\SDFix\apps\Replace\w2k\command.PIF
C:\SDFix\apps\Replace\w2k\CONFIG.NT
C:\SDFix\apps\Replace\w2k\null.sys
C:\SDFix\apps\Replace\xp\AUTOEXEC.NT
C:\SDFix\apps\Replace\xp\beep.sys
C:\SDFix\apps\Replace\xp\command.com
C:\SDFix\apps\Replace\xp\command.PIF
C:\SDFix\apps\Replace\xp\CONFIG.NT
C:\SDFix\apps\Replace\xp\null.sys
C:\SDFix\apps\Reset_AppInit_DLLs.reg
C:\SDFix\apps\RestartIt!.exe
C:\SDFix\apps\Restore_SafeBoot_Windows2000.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP2.reg
C:\SDFix\apps\Restore_SafeBoot_WindowsXP_SP3.reg
C:\SDFix\apps\Restore_SecurityCenter.reg
C:\SDFix\apps\Restore_SharedAccess.reg
C:\SDFix\apps\sc.exe
C:\SDFix\apps\sed.exe
C:\SDFix\apps\SF.exe
C:\SDFix\apps\shutdown.exe
C:\SDFix\apps\srv2.txt
C:\SDFix\apps\srv2bk.txt
C:\SDFix\apps\svc.txt
C:\SDFix\apps\svcbk.txt
C:\SDFix\apps\Swreg.exe
C:\SDFix\apps\swsc.exe
C:\SDFix\apps\UnRAR.exe
C:\SDFix\apps\unzip.exe
C:\SDFix\apps\vfind.exe
C:\SDFix\apps\WINMSG.EXE
C:\SDFix\apps\winsec.reg
C:\SDFix\apps\zip.exe
C:\SDFix\attrib.exe
C:\SDFix\backupreg\AppInit_DLLs.reg
C:\SDFix\backupreg\bat_shell_open.reg
C:\SDFix\backupreg\BHO.reg
C:\SDFix\backupreg\com_shell_open.reg
C:\SDFix\backupreg\ControlPanel_Load.reg
C:\SDFix\backupreg\Drivers32.reg
C:\SDFix\backupreg\exe_shell_open.reg
C:\SDFix\backupreg\HKCU_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKCU_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKCURun.reg
C:\SDFix\backupreg\HKCURunServices.reg
C:\SDFix\backupreg\HKLM_SOFTWARE_Policy.reg
C:\SDFix\backupreg\HKLM_WINDOWS_Policy.reg
C:\SDFix\backupreg\HKLMRun.reg
C:\SDFix\backupreg\HKLMRunServices.reg
C:\SDFix\backupreg\IEDesktop.reg
C:\SDFix\backupreg\IEMain.reg
C:\SDFix\backupreg\Installed_Components.reg
C:\SDFix\backupreg\pif_shell_open.reg
C:\SDFix\backupreg\reg_shell_open.reg
C:\SDFix\backupreg\SecurityProviders.reg
C:\SDFix\backupreg\SharedTaskScheduler.reg
C:\SDFix\backupreg\ShellServiceObjectDelayLoad.reg
C:\SDFix\backupreg\SubSystems.reg
C:\SDFix\backupreg\txt_shell_open.reg
C:\SDFix\backupreg\Winlogon.reg
C:\SDFix\backupreg\WinlogonNotify.reg
C:\SDFix\backups\2_mslagent.dll
C:\SDFix\backups\a.bat
C:\SDFix\backups\akttzn.exe
C:\SDFix\backups\anticipator.dll
C:\SDFix\backups\awtoolb.dll
C:\SDFix\backups\awtrPhGX.dll
C:\SDFix\backups\base64.tmp
C:\SDFix\backups\bdn.com
C:\SDFix\backups\bsva-egihsg52.exe
C:\SDFix\backups\CpvToolbar38.reg
C:\SDFix\backups\crc.dat
C:\SDFix\backups\dpcproxy.exe
C:\SDFix\backups\egsf.exe
C:\SDFix\backups\emesx.dll
C:\SDFix\backups\fixssodl.reg
C:\SDFix\backups\FVProtect.exe
C:\SDFix\backups\h@tkeysh@@k.dll
C:\SDFix\backups\hoproxy.dll
C:\SDFix\backups\hxiwlgpm.dat
C:\SDFix\backups\hxiwlgpm.exe
C:\SDFix\backups\inetdl.exe
C:\SDFix\backups\intdel.exe
C:\SDFix\backups\iTunesMusic.exe
C:\SDFix\backups\Malware Defender.url
C:\SDFix\backups\medup012.dll
C:\SDFix\backups\medup020.dll
C:\SDFix\backups\msgp.exe
C:\SDFix\backups\mslagent.exe
C:\SDFix\backups\msnbho.dll
C:\SDFix\backups\msrc.exe
C:\SDFix\backups\mssecu.exe
C:\SDFix\backups\msvchost.exe
C:\SDFix\backups\mtr2.exe
C:\SDFix\backups\mwin32.exe
C:\SDFix\backups\netode.exe
C:\SDFix\backups\newsd32.exe
C:\SDFix\backups\Player.exe
C:\SDFix\backups\Protect Your Privacy.url
C:\SDFix\backups\ps1.exe
C:\SDFix\backups\psof1.exe
C:\SDFix\backups\psoft1.exe
C:\SDFix\backups\regc64.dll
C:\SDFix\backups\regm64.dll
C:\SDFix\backups\RepairCpvBHO38.reg
C:\SDFix\backups\RepairVundo.reg
C:\SDFix\backups\Rundl1.exe
C:\SDFix\backups\sft_ver1.1454.0.exe
C:\SDFix\backups\sncntr.exe
C:\SDFix\backups\ssurf022.dll
C:\SDFix\backups\ssvchost.com
C:\SDFix\backups\ssvchost.exe
C:\SDFix\backups\sysreq.exe
C:\SDFix\backups\System Error Fixer.url
C:\SDFix\backups\taack.dat
C:\SDFix\backups\taack.exe
C:\SDFix\backups\temp#01.exe
C:\SDFix\backups\thun.dll
C:\SDFix\backups\thun32.dll
C:\SDFix\backups\uninstall.exe
C:\SDFix\backups\userconfig9x.dll
C:\SDFix\backups\VBIEWER.OCX
C:\SDFix\backups\vbsys2.dll
C:\SDFix\backups\vcatchpi.dll
C:\SDFix\backups\winlogonpc.exe
C:\SDFix\backups\winsystem.exe
C:\SDFix\backups\WINWGPX.EXE
C:\SDFix\backups\zip1.tmp
C:\SDFix\backups\zip2.tmp
C:\SDFix\backups\zip3.tmp
C:\SDFix\backups\zipped.tmp
C:\SDFix\beepFA0.TXT
C:\SDFix\beepFA1.TXT
C:\SDFix\beepFA2.TXT
C:\SDFix\beepFA3.TXT
C:\SDFix\beepFA4.TXT
C:\SDFix\beepxcodec0.TXT
C:\SDFix\beepxcodec1.TXT
C:\SDFix\beepxcodec2.TXT
C:\SDFix\beepxcodec3.TXT
C:\SDFix\beepxcodec4.TXT
C:\SDFix\BITSTEST.TXT
C:\SDFix\bpTEST1.TXT
C:\SDFix\bpTEST3.TXT
C:\SDFix\catchme.exe
C:\SDFix\DBFix.bat
C:\SDFix\delavi0.txt
C:\SDFix\delzip0.txt
C:\SDFix\dest.txt
C:\SDFix\dnif.exe
C:\SDFix\dummy.exe
C:\SDFix\dummy.sys
C:\SDFix\editreg.exe
C:\SDFix\FilekillList1.txt
C:\SDFix\FileList1.txt
C:\SDFix\Find.txt
C:\SDFix\Findav2009.txt
C:\SDFix\Findav2009a.txt
C:\SDFix\Findbhos1.txt
C:\SDFix\Findlat.txt
C:\SDFix\Findroguerun1.txt
C:\SDFix\Findrun002.txt
C:\SDFix\Findrun002a.txt
C:\SDFix\Findrun30.txt
C:\SDFix\Findrun31.txt
C:\SDFix\Findrun31a.txt
C:\SDFix\Findrun32.txt
C:\SDFix\Findrunbifrose1.txt
C:\SDFix\Findrunbot1.txt
C:\SDFix\Findzip.txt
C:\SDFix\HOSTS
C:\SDFix\Patched2a.txt
C:\SDFix\Patched2b.txt
C:\SDFix\Patched2c.txt
C:\SDFix\RemLat2.txt
C:\SDFix\Repaircpv38.reg
C:\SDFix\Repaircpvtoolbar38.reg
C:\SDFix\RepairVundo1.reg
C:\SDFix\Report.txt
C:\SDFix\rtsdnif.exe
C:\SDFix\RunThis.bat
C:\SDFix\SDFIX_ReadMe_Online.url
C:\SDFix\TESTspreadbot1.TXT
C:\SDFix\TESTspreadbot2.TXT
C:\SDFix\TESTspreadbot3.TXT
C:\SDFix\TESTspreadbot4.TXT
C:\SDFix\userinfix.reg
C:\SDFix\W2K_VirusAlert_Repair.inf
C:\SDFix\XP_VirusAlert_Repair.inf
C:\WINDOWS\system32\chgpafqn.exe
C:\WINDOWS\system32\ubuhmrmz.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-19 au 2008-10-19 ))))))))))))))))))))))))))))))))))))
.

2008-10-18 20:01 . 2008-10-18 20:15 <REP> d-------- C:\Program Files\UsbFix
2008-10-18 20:00 . 2008-10-18 20:00 <REP> d-------- C:\Program Files\Avira
2008-10-18 20:00 . 2008-10-18 20:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-18 19:05 . 2008-10-18 19:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-10-18 18:30 . 2008-10-18 18:30 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 18:30 . 2008-10-18 18:30 <REP> d-------- C:\Documents and Settings\Micro\Application Data\Malwarebytes
2008-10-18 18:30 . 2008-10-18 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 18:30 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 18:30 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 15:22 . 2008-10-18 15:22 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-18 15:16 . 2008-10-18 15:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-10-18 15:06 . 2008-10-18 15:06 <REP> d-------- C:\Program Files\Trend Micro
2008-10-18 14:13 . 2008-07-06 14:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-18 14:13 . 2008-07-06 14:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-18 14:13 . 2008-07-06 21:26 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-18 14:13 . 2008-07-06 14:16 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-18 14:13 . 2008-07-06 14:16 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-18 14:13 . 2008-07-06 14:16 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-10-18 14:13 . 2008-07-06 14:16 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-18 14:13 . 2008-10-18 14:13 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-18 11:49 . 2008-10-18 11:49 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-10-18 11:44 . 2008-10-18 20:38 <REP> d-------- C:\Documents and Settings\Micro\Application Data\uTorrent
2008-10-14 16:23 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 16:22 . 2008-08-14 09:23 2,191,232 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 16:22 . 2008-08-14 09:23 2,147,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 16:22 . 2008-08-14 09:23 2,068,096 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 16:22 . 2008-08-14 09:23 2,025,984 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 16:22 . 2008-09-15 11:26 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-10 19:41 . 2008-10-11 12:33 <REP> d-------- C:\Documents and Settings\Micro\Application Data\skypePM
2008-10-10 19:41 . 2008-10-10 19:41 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-10-10 19:38 . 2008-10-11 12:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-10-09 21:15 . 2008-10-09 21:15 <REP> d-------- C:\Program Files\Sun
2008-10-09 21:15 . 2008-10-09 22:01 <REP> d-------- C:\Documents and Settings\Micro\Application Data\LimeWire
2008-10-09 21:14 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-09 21:11 . 2008-10-09 21:11 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-09 16:34 . 2008-10-09 16:34 <REP> d-------- C:\Program Files\Raxco
2008-10-08 20:47 . 2008-10-08 20:47 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-10-08 16:53 . 2008-10-08 17:04 <REP> d-------- C:\Program Files\RegCleaner
2008-10-05 10:54 . 2008-10-05 11:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-05 10:46 . 2008-10-05 10:50 <REP> d-------- C:\Program Files\MessengerPlus! 3
2008-10-04 21:13 . 2008-10-04 21:13 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2008-10-04 20:31 . 2008-04-13 22:33 1,689,088 ---h---t- C:\WINDOWS\system32\33120d68.dll
2008-10-04 20:31 . 2008-04-13 22:33 1,689,088 ---h---t- C:\WINDOWS\system32\1890b8f8.dll
2008-10-04 20:31 . 2008-04-13 22:33 82,432 ---h---t- C:\WINDOWS\system32\1630dcdc.dll
2008-10-04 20:31 . 2008-04-13 22:33 82,432 ---h---t- C:\WINDOWS\system32\14bda2fa.dll
2008-10-04 20:30 . 2008-04-13 22:33 1,689,088 ---h---t- C:\WINDOWS\system32\7a4cf68.dll
2008-10-04 20:30 . 2008-04-13 22:33 1,689,088 ---h---t- C:\WINDOWS\system32\194f3f1c.dll
2008-10-04 20:30 . 2008-04-13 22:33 82,432 ---h---t- C:\WINDOWS\system32\276a938f.dll
2008-10-04 20:30 . 2008-04-13 22:33 82,432 ---h---t- C:\WINDOWS\system32\26fcbb93.dll
2008-10-04 18:46 . 2008-04-13 11:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-10-04 18:46 . 2008-04-13 11:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-10-02 16:32 . 2008-10-02 16:42 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-09-29 16:36 . 2008-09-29 16:55 <REP> d-------- C:\Program Files\EA GAMES
2008-09-29 16:36 . 2004-08-18 04:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-09-29 16:32 . 2008-09-29 16:58 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-29 16:28 . 2008-09-29 16:28 <REP> d-------- C:\Documents and Settings\Micro\Application Data\DAEMON Tools
2008-09-21 18:42 . 2008-09-21 18:52 394,730,099 --a------ C:\Nexon.rar
2008-09-19 21:12 . 2008-09-19 21:12 <REP> d-------- C:\NVIDIA
2008-09-19 20:49 . 2008-09-19 20:49 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-09-19 19:45 . 2008-10-04 08:46 <REP> d-------- C:\Nexon
2008-09-19 19:45 . 2008-09-19 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NexonUS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 22:45 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-10-18 18:54 2,184 ----a-w C:\WINDOWS\system32\tmp.reg
2008-10-18 15:58 --------- d-----w C:\Documents and Settings\Micro\Application Data\Xfire
2008-10-18 15:35 --------- d-----w C:\Program Files\Fichiers communs\Scanner
2008-10-17 22:52 --------- d-----w C:\Program Files\Diablo II
2008-10-17 22:51 --------- d-----w C:\Documents and Settings\Micro\Application Data\codeblocks
2008-10-17 17:35 --------- d-----w C:\Program Files\Xfire
2008-10-16 00:27 --------- d-----w C:\Program Files\lx_cats
2008-10-11 17:03 --------- d-----w C:\Program Files\Windows Live
2008-10-11 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-10 12:58 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-10-10 12:58 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-10-10 01:14 --------- d-----w C:\Program Files\Java
2008-10-09 20:33 53,192 ----a-w C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-10-04 02:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 02:11 --------- d-----w C:\Program Files\WarRock
2008-10-01 19:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-29 20:28 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-29 20:28 --------- d-----w C:\Program Files\mm.BOT
2008-09-23 23:14 160,216 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-23 23:13 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-22 20:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-19 00:09 --------- d-----w C:\Program Files\Knight Online
2008-09-19 00:08 --------- d-----w C:\Program Files\Warcraft III
2008-09-19 00:06 --------- d-----w C:\Program Files\StealthBot
2008-09-18 23:57 --------- d-----w C:\Program Files\Cheat Engine
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-11 21:32 --------- d-----w C:\Program Files\TELUS
2008-09-11 21:32 --------- d-----w C:\Program Files\Fichiers communs\Authentium
2008-09-11 21:32 --------- d-----w C:\Program Files\CA
2008-09-11 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-09-11 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\TELUS
2008-09-11 21:30 --------- d-----w C:\Documents and Settings\Micro\Application Data\InstallShield
2008-09-11 21:09 --------- d-----w C:\Documents and Settings\Micro\Application Data\TELUS
2008-09-09 22:38 --------- d-----w C:\Program Files\Common Files
2008-09-09 22:26 --------- d-----w C:\Program Files\Softnyx
2008-09-09 03:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 22:28 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-26 08:11 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-25 14:45 --------- d-----w C:\Documents and Settings\Micro\Application Data\Sonic
2008-08-25 14:43 --------- d-----w C:\Documents and Settings\Micro\Application Data\Leadertech
2008-08-25 14:35 --------- d-----w C:\Program Files\Roxio
2008-08-25 14:35 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-08-25 14:35 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-08-25 14:35 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-25 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-25 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-18 16:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-14 13:23 2,147,328 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-07 22:07 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- C:\WINDOWS\system32\14bda2fa.dll ----
Company: Microsoft Corporation
File Description: Windows Socket 2.0 32-Bit DLL
File Version: 5.1.2600.5512 (xpsp.080413-0852)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: ws2_32.dll
MD5: fb836f9e62d82904c983ad21296a5d9c

---- C:\WINDOWS\system32\1630dcdc.dll ----
Company: Microsoft Corporation
File Description: Windows Socket 2.0 32-Bit DLL
File Version: 5.1.2600.5512 (xpsp.080413-0852)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: ws2_32.dll
MD5: fb836f9e62d82904c983ad21296a5d9c

---- C:\WINDOWS\system32\1890b8f8.dll ----
Company: Microsoft Corporation
File Description: Microsoft Direct3D
File Version: 5.03.2600.5512 (xpsp.080413-0845)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: D3D9.dll
MD5: 7eaec24b85dd04edaa04a51cb07df870

---- C:\WINDOWS\system32\194f3f1c.dll ----
Company: Microsoft Corporation
File Description: Microsoft Direct3D
File Version: 5.03.2600.5512 (xpsp.080413-0845)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: D3D9.dll
MD5: 7eaec24b85dd04edaa04a51cb07df870

---- C:\WINDOWS\system32\26fcbb93.dll ----
Company: Microsoft Corporation
File Description: Windows Socket 2.0 32-Bit DLL
File Version: 5.1.2600.5512 (xpsp.080413-0852)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: ws2_32.dll
MD5: fb836f9e62d82904c983ad21296a5d9c

---- C:\WINDOWS\system32\276a938f.dll ----
Company: Microsoft Corporation
File Description: Windows Socket 2.0 32-Bit DLL
File Version: 5.1.2600.5512 (xpsp.080413-0852)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: ws2_32.dll
MD5: fb836f9e62d82904c983ad21296a5d9c

---- C:\WINDOWS\system32\33120d68.dll ----
Company: Microsoft Corporation
File Description: Microsoft Direct3D
File Version: 5.03.2600.5512 (xpsp.080413-0845)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: D3D9.dll
MD5: 7eaec24b85dd04edaa04a51cb07df870

---- C:\WINDOWS\system32\7a4cf68.dll ----
Company: Microsoft Corporation
File Description: Microsoft Direct3D
File Version: 5.03.2600.5512 (xpsp.080413-0845)
Product Name: Microsoft© Windows© Operating System
Copyright: ¸ Microsoft Corporation. All rights reserved.
Original file name: D3D9.dll
MD5: 7eaec24b85dd04edaa04a51cb07df870

((((((((((((((((((((((((((((( snapshot@2008-10-18_19.20.05.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-09 17:15:51 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 22:11:28 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 19:03:55 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 14:34:22 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\TELUS\Trousse SecurWeb\IdxClnR.exe" [2008-03-26 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxdcamon"="C:\Program Files\Lexmark 1300 Series\lxdcamon.exe" [2007-04-30 20480]
"TQSWA.exe"="C:\Program Files\TELUS\Service Agent\TQSWA.exe" [2008-03-25 2065648]
"Trousse SécurWeb"="C:\Program Files\TELUS\Trousse SecurWeb\Rps.exe" [2008-03-26 318704]
"-FreedomNeedsReboot"="C:\Program Files\TELUS\Trousse SecurWeb\ZkRunOnceR.exe" [2008-03-26 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\TELUS\Trousse SecurWeb\IdxClnR.exe" [2008-03-26 61168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 15360]

C:\Documents and Settings\Micro\Menu D‚marrer\Programmes\D‚marrage\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-10-08 3098448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-13 22:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 05:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 09:43 7630848 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 09:43 1519616 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\lxdccoms.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"C:\\Program Files\\TeamViewer3\\TeamViewer.exe"=
"C:\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\Nexon\Combat Arms\CombatArms.exe"= C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"C:\Nexon\Combat Arms\Engine.exe"= C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"C:\\Nexon\\Combat Arms\\NMService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft III
"3306:TCP"= 3306:TCP:3306
"8080:TCP"= 8080:TCP:8080
"8085:TCP"= 8085:TCP:8085
"3724:TCP"= 3724:TCP:3724
"3427:TCP"= 3427:TCP:3427

R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-05-25 537520]
R2 npkcmsvc;npkcmsvc;C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
S2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe [2007-05-25 99248]
S2 wampapache;wampapache;c:\wamp\apache2\bin\httpd.exe [2007-01-09 20539]
S2 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2006-10-22 4493312]
S3 Radialpoint Security Services;Trousse SécurWeb;C:\Program Files\TELUS\Trousse SecurWeb\RpsSecurityAware.exe [2008-03-26 67824]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ]
S3 XDva136;XDva136;C:\WINDOWS\system32\XDva136.sys [ ]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-SDFix - C:\SDFix\RunThis.bat

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 20:50:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\TELUS\Trousse SecurWeb\Fws.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\TELUS\Trousse SecurWeb\rpsupdaterR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-10-18 20:54:13 - La machine a redémarré [Micro]
ComboFix-quarantined-files.txt 2008-10-19 00:53:58
ComboFix2.txt 2008-10-18 23:20:42

Avant-CF: 192,795,865,088 octets libres
Après-CF: 192,820,789,248 octets libres

604 --- E O F --- 2008-10-14 22:09:30
0
Réponse 42 / 91
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le bureau :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

- Double-clique sur Navilog1.exe afin de lancer l'installation

- Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le bureau

- Appuie sur F ou f puis valide par Entrée

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix

- Patiente jusqu'au message : *** Analyse terminée le ..... ***

- Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.
0
Réponse 43 / 91
Micro
 
Alors docteur, allez-vous reussir a guerir mes blessures?
0
Réponse 44 / 91
Micro
 
Search Navipromo version 3.6.6 commencé le 2008-10-18 à 21:06:48,00

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Micro"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Micro\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Micro\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Micro\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Micro\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\Micro\locals~1\applic~1" :

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 2008-10-18 à 21:14:31,21 ***
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 91
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Désinstalle Navilog1.

---> Poste un nouveau rapport HijackThis.
0
Réponse 46 / 91
Micro
 
Mbam?
0
Réponse 47 / 91
Micro
 
Oups -_- Rien dit moi!
0
Réponse 48 / 91
Micro
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:38, on 2008-10-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TELUS\Trousse SecurWeb\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\TELUS\Service Agent\TQSWA.exe
C:\Program Files\TELUS\Trousse SecurWeb\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\No-IP\DUC20.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\TELUS\Trousse SecurWeb\rpsupdaterR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Nexon\Combat Arms\NMService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [TQSWA.exe] "C:\Program Files\TELUS\Service Agent\TQSWA.exe" /AUTORUN
O4 - HKLM\..\Run: [Trousse SécurWeb] "C:\Program Files\TELUS\Trousse SecurWeb\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\Trousse SecurWeb\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\TELUS\Trousse SecurWeb\IdxClnR.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trousse SécurWeb (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\TELUS\Trousse SecurWeb\RpsSecurityAware.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trousse SécurWeb - Service de mise à jour (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\TELUS\Trousse SecurWeb\rpsupdaterR.exe
O23 - Service: Trousse SécurWeb Coupe-feu (RP_FWS) - TELUS - C:\Program Files\TELUS\Trousse SecurWeb\Fws.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 49 / 91
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis.
0
Réponse 50 / 91
Micro
 
Encore moi! :D

Voici le raport :
*****************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:07, on 2008-10-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TELUS\Trousse SecurWeb\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\TELUS\Service Agent\TQSWA.exe
C:\Program Files\TELUS\Trousse SecurWeb\Rps.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\No-IP\DUC20.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TELUS\Trousse SecurWeb\rpsupdaterR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [TQSWA.exe] "C:\Program Files\TELUS\Service Agent\TQSWA.exe" /AUTORUN
O4 - HKLM\..\Run: [Trousse SécurWeb] "C:\Program Files\TELUS\Trousse SecurWeb\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\Trousse SecurWeb\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\TELUS\Trousse SecurWeb\IdxClnR.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\TELUS\Trousse SecurWeb\IdxClnR.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trousse SécurWeb (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\TELUS\Trousse SecurWeb\RpsSecurityAware.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trousse SécurWeb - Service de mise à jour (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\TELUS\Trousse SecurWeb\rpsupdaterR.exe
O23 - Service: Trousse SécurWeb Coupe-feu (RP_FWS) - TELUS - C:\Program Files\TELUS\Trousse SecurWeb\Fws.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 51 / 91
Micro
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:07, on 2008-10-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TELUS\Trousse SecurWeb\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\TELUS\Service Agent\TQSWA.exe
C:\Program Files\TELUS\Trousse SecurWeb\Rps.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\No-IP\DUC20.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\TELUS\Trousse SecurWeb\rpsupdaterR.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [TQSWA.exe] "C:\Program Files\TELUS\Service Agent\TQSWA.exe" /AUTORUN
O4 - HKLM\..\Run: [Trousse SécurWeb] "C:\Program Files\TELUS\Trousse SecurWeb\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\TELUS\Trousse SecurWeb\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\TELUS\Trousse SecurWeb\IdxClnR.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\TELUS\Trousse SecurWeb\IdxClnR.exe"
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trousse SécurWeb (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\TELUS\Trousse SecurWeb\RpsSecurityAware.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trousse SécurWeb - Service de mise à jour (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\TELUS\Trousse SecurWeb\rpsupdaterR.exe
O23 - Service: Trousse SécurWeb Coupe-feu (RP_FWS) - TELUS - C:\Program Files\TELUS\Trousse SecurWeb\Fws.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 52 / 91
Micro
 
J'y venais, je vais desinstaller celui de mon FAI.

Comme tu m'as dit, Antivir semble etre un antivirus tres performant, je vais donc l'utiliser.
Non, les problemes se sont regles.
L'ordi est un peu lente mais, je peux vivre avec!

Merci du fin fond du coeur pour tout ton aide! Sans toi, formatage oubligatoire ;)
0
Réponse 53 / 91
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Ce n'est pas encore fini même si c'est pratiquement fini.

"L'ordi est un peu lente mais, je peux vivre avec! "
---> Avec les deux antivirus, c'est sûr.
0
Réponse 54 / 91
Micro
 
Voila, maintenant la trousse secur web a ete "booter" au profit de Antivir.
0
Réponse 55 / 91
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Poste un rapport pour voir.
0
Réponse 56 / 91
Micro
 
Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:31, on 2008-10-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\TELUS\Service Agent\TQSWA.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\No-IP\DUC20.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Nexon\Combat Arms\NMService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [TQSWA.exe] "C:\Program Files\TELUS\Service Agent\TQSWA.exe" /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 57 / 91
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Poste un nouveau rapport HijackThis.
0
Réponse 58 / 91
Micro
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:18, on 2008-10-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\TELUS\Service Agent\TQSWA.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\No-IP\DUC20.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Nexon\Combat Arms\NMService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [TQSWA.exe] "C:\Program Files\TELUS\Service Agent\TQSWA.exe" /AUTORUN
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 59 / 91
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Il y a encore une ligne qui parle de ton antivirus :

O4 - HKLM\..\Run: [TQSWA.exe] "C:\Program Files\TELUS\Service Agent\TQSWA.exe" /AUTORUN
0
Réponse 60 / 91
Micro
 
Et que dois-je faire?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
HP Battery ALERT
Gershia -
Gershia -

2 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
ALERT en php
snoopy -
appkech -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses