Puis ce matin mon ordi redemarre automatiquem

-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : GRARDEL ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081108-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:6 Go)
D:\ (Local Disk) - NTFS - Total:202 Go (Free:69 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 09/11/2008|12:25 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Program Files) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Program Files) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Program Files) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Program Files) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60076"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076"


--------------------\\ Recherche d'autres infections


D:\DOCUME~1\GRARDE~1.SN1\LOCALS~1\APPLIC~1\frxfzdwl.dat.bd.ren
D:\DOCUME~1\GRARDE~1.SN1\LOCALS~1\APPLIC~1\frxfzdwl_nav.dat.bd.ren
D:\DOCUME~1\GRARDE~1.SN1\LOCALS~1\APPLIC~1\frxfzdwl_navps.dat.bd.ren
[b]==> EGDACCESS <==/b

--------------------\\ Cracks & Keygens ..

D:\DOCUME~1\GRARDE~1.SN1\Bureau\RESTAURATION\LOGICIEL\Nero6.3.0.0 + Vision Express 2.2 + KeyGen + DVD-PlugIn.zip
D:\DOCUME~1\GRARDE~1.SN1\Bureau\RESTAURATION\LOGICIEL\nero6\NERO6\keygen.exe
D:\DOCUME~1\GRARDE~1.SN1\Mes documents\Crack for Le Petit Larousse Dictionnaire multimedia 2007.txt



1 - "C:\ToolBar SD\TB_1.txt" - 09/11/2008|12:27 - Option : [1]

-----------\\ Fin du rapport a 12:27:28,51

le lien ne fonctionne pas
impossible d'ouvrir la page

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:57, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\UAService7.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\program files\orange\media player\Media Player.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MediaDICO9Il] C:\Program Files\Micro Application\9 Dictionnaires Illustrés\LanceMediaDICO9Il.exe Lancement
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9117AA14-86C5-470E-8D38-60BFAF784434}: NameServer = 81.253.149.1 80.10.246.3
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Search Navipromo version 3.6.9 commencé le 09/11/2008 à 14:43:11,32

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "GRARDEL"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\GRARDEL.SN117655920314\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\GRARDEL.SN117655920314\locals~1\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\GRARDEL.SN117655920314\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "D:\Documents and Settings\GRARDEL.SN117655920314\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "D:\Documents and Settings\GRARDEL.SN117655920314\locals~1\applic~1" :

frxfzdwl.dat.bd.ren trouvé !
frxfzdwl_nav.dat.bd.ren trouvé !
frxfzdwl_navps.dat.bd.ren trouvé !

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 09/11/2008 à 14:47:11,87 ***

deja merci pour la recherhche que vous avez faite, j'ai toujours le redemarrage automatique de l'ordi

je vous donne ceci pour info

a bientot de vous lire

salutations

bonsoir!!!

pas grave je me suis douté que vous aviez des obligations autre que de depanner.

je vous joint mon rapport de la derniere manipulation, si il y a d'autre operation a effectué cela peut attendre demain.

encore mille fois merci de m'avoir accordé de votre temps a gérer mon probleme

bonne soirée

a bientot de vous lire

Clean Navipromo version 3.6.9 commencé le 09/11/2008 à 22:23:24,53

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "GRARDEL"

Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "D:\Documents and Settings\GRARDEL.SN117655920314\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "D:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "D:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "d:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "D:\Documents and Settings\GRARDEL.SN117655920314\applic~1" ***


*** Suppression dossiers dans "D:\Documents and Settings\GRARDEL.SN117655920314\locals~1\applic~1" ***


*** Suppression dossiers dans "D:\Documents and Settings\GRARDEL.SN117655920314\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu D:\Documents and Settings\GRARDEL.SN117655920314\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "D:\Documents and Settings\GRARDEL.SN117655920314\locals~1\applic~1" *


frxfzdwl.dat.bd.ren trouvé !
Copie frxfzdwl.dat.bd.ren réalisée avec succès !
frxfzdwl.dat.bd.ren supprimé !

frxfzdwl_nav.dat.bd.ren trouvé !
Copie frxfzdwl_nav.dat.bd.ren réalisée avec succès !
frxfzdwl_nav.dat.bd.ren supprimé !

frxfzdwl_navps.dat.bd.ren trouvé !
Copie frxfzdwl_navps.dat.bd.ren réalisée avec succès !
frxfzdwl_navps.dat.bd.ren supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 09/11/2008 à 22:29:40,01 ***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:16, on 09/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\UAService7.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\program files\orange\media player\Media Player.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MediaDICO9Il] C:\Program Files\Micro Application\9 Dictionnaires Illustrés\LanceMediaDICO9Il.exe Lancement
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9117AA14-86C5-470E-8D38-60BFAF784434}: NameServer = 80.10.246.1 81.253.149.2
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

bonjour

j'ai effectuer le controle la casse est Décoché "Redémarrer automatiquement" dans propriete systeme avancé

hier matin j'ai supprimé les fichiers en quarantaines dans avast cela en est il la causse ?

j'ai regardé comme vous ne l'avez dit, la casse redemmarrage et decoché. mon ordi redemarre toujours a chaque fois que je veux l'etiendre.

j'ai deja fait car jamais ce logiciel, j'ai fait pas plus tard que ce matin en mode sans echec. il n'a rien trouvé!!!
je suis comme vous je suis accourt de solution.
je suis presque sur que ce redemarrage est du a une infection.
mais ou est le probleme ? mystere

j'ai effectué l'analyse avec combofix .
au lancement de combofix j'ai un message me disant "combofix a detecté la presence d'une activité de rootkit et a besoin de redemarrer la machine"
ci dessous le rapport

ComboFix 08-11-09.04 - GRARDEL 2008-11-10 19:56:35.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.531 [GMT 1:00]
* Un nouveau point de restauration a été créé
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\windows\TEMP\logishrd\LVPrcInj01.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll
d:\documents and settings\GRARDEL.SN117655920314.006\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 14:40 . 2008-11-10 14:47 <REP> d---s---- d:\documents and settings\NetworkService.AUTORITE NT.013
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d---s---- d:\documents and settings\LocalService.AUTORITE NT.013
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Modèles
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Mes documents
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Favoris
2008-11-10 14:40 . 2007-02-20 05:58 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Application Data\Symantec
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d---s---- d:\documents and settings\GRARDEL.SN117655920314.006
2008-11-09 12:24 . 2008-11-10 14:47 <REP> d-------- C:\ToolBar SD
2008-11-05 19:50 . 2008-11-05 19:50 <REP> d-------- c:\program files\PixiePack Codec Pack
2008-11-05 19:46 . 2008-11-05 19:50 <REP> d-------- d:\documents and settings\All Users\Application Data\RapidSolution
2008-11-05 19:46 . 2008-11-05 19:46 <REP> d-------- c:\program files\RapidSolution
2008-11-05 19:29 . 2008-11-05 19:30 <REP> d-------- c:\program files\Satsuki Decoder Pack
2008-11-01 00:06 . 2008-11-01 00:06 <REP> d-------- c:\program files\LimeWire
2008-10-31 22:09 . 2008-10-31 22:42 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\Media Player
2008-10-31 22:09 . 2008-10-31 22:09 <REP> d-------- c:\program files\Orange
2008-10-28 22:20 . 2008-10-28 22:20 <REP> d-------- C:\DECCHECK
2008-10-28 22:02 . 2008-10-28 22:02 <REP> d-------- c:\windows\system32\VirginMega
2008-10-28 22:02 . 2008-10-28 22:02 <REP> d-------- c:\program files\VirginMega
2008-10-28 21:15 . 2008-10-28 21:15 146 --a------ c:\windows\DelMR.bat
2008-10-26 21:36 . 2008-10-26 21:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-10-26 21:36 . 2008-10-26 21:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-10-26 18:05 . 2006-11-13 14:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-10-26 18:05 . 2007-10-10 16:41 42,112 --a------ c:\windows\system32\drivers\motodrv.sys
2008-10-26 18:05 . 2007-06-18 14:18 23,680 --a------ c:\windows\system32\drivers\motmodem.sys
2008-10-26 18:05 . 2008-08-21 17:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys
2008-10-26 18:05 . 2008-08-21 17:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys
2008-10-26 18:05 . 2007-11-02 14:51 6,400 --a------ c:\windows\system32\drivers\motswch.sys
2008-10-25 21:31 . 2008-10-25 21:31 0 --a------ c:\windows\mngui.INI
2008-10-25 21:21 . 2008-10-25 21:25 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\Teleca
2008-10-25 21:21 . 2008-10-25 21:21 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\Motorola
2008-10-25 21:20 . 2008-10-28 21:15 <REP> d-------- c:\program files\Fichiers communs\Teleca Shared
2008-10-23 18:47 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 18:40 . 2008-10-22 18:40 <REP> d-------- d:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-21 21:00 . 2008-10-21 21:00 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-21 21:00 . 2008-10-21 21:00 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-10-21 20:19 . 2008-10-28 21:04 <REP> d-------- c:\program files\Fichiers communs\Motorola Shared
2008-10-21 20:14 . 2008-10-28 21:16 <REP> d-------- c:\program files\Motorola
2008-10-15 15:19 . 2008-10-15 15:19 43,552 --a------ c:\windows\system32\drivers\tbhsd.sys
2008-10-15 06:11 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 06:10 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 06:10 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 06:10 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 06:10 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 06:10 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 20:36 . 2008-10-14 20:36 1 ---hs---- C:\MSDOS.INF
2008-10-12 21:31 . 2008-10-28 21:05 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\ESTsoft
2008-10-12 21:31 . 2008-10-12 21:42 <REP> d-------- c:\program files\ESTsoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 19:02 --------- d-----w c:\program files\Wanadoo
2008-11-10 13:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 13:47 --------- d-----w c:\program files\Navilog1
2008-11-09 22:06 --------- d-----w d:\documents and settings\GRARDEL.SN117655920314\Application Data\LimeWire
2008-11-09 21:37 --------- d-----w d:\documents and settings\All Users\Application Data\Google Updater
2008-11-08 20:22 2,864 ----a-w c:\windows\system32\winsock.dll
2008-11-08 20:22 2,864 ----a-w c:\windows\system32\dllcache\winsock.dll
2008-11-05 05:14 --------- d-----w d:\documents and settings\GRARDEL.SN117655920314\Application Data\uTorrent
2008-10-28 20:15 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-23 19:07 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-22 14:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-20 17:22 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 16:13 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-18 14:54 --------- d-----w c:\program files\a-squared Free
2008-10-11 15:18 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-10-09 16:36 --------- d-----w c:\program files\Yahoo!
2008-10-03 17:12 6,066,176 ----a-w c:\windows\system32\dllcache\ieframe.dll
2008-10-01 20:01 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-10-01 20:01 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-10-01 20:01 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2008-10-01 20:01 --------- d-----w c:\program files\AGI
2008-09-28 16:39 44,944 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-09-28 16:18 --------- d-----w c:\program files\Picasa2
2008-09-28 15:48 --------- d-----w c:\program files\Larousse
2008-09-28 10:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-28 10:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-20 19:40 --------- d-----w c:\program files\Fichiers communs\Logishrd
2008-09-19 19:25 --------- d-----w c:\program files\Fichiers communs\Logitech
2008-09-19 19:24 --------- d-----w d:\documents and settings\All Users\Application Data\Logishrd
2008-09-19 19:24 --------- d-----w c:\program files\Logitech
2008-09-17 21:08 --------- d-----w c:\program files\Fichiers communs\Ahead
2008-09-16 16:26 1,332,197 ----a-w c:\windows\system32\pythondll.zip
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-08-27 09:11 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ----a-w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
2007-01-06 23:18 92,064 ----a-w d:\documents and settings\GRARDEL\mqdmmdm.sys
2007-01-06 23:18 9,232 ----a-w d:\documents and settings\GRARDEL\mqdmmdfl.sys
2007-01-06 23:18 79,328 ----a-w d:\documents and settings\GRARDEL\mqdmserd.sys
2007-01-06 23:18 66,656 ----a-w d:\documents and settings\GRARDEL\mqdmbus.sys
2007-01-06 23:18 6,208 ----a-w d:\documents and settings\GRARDEL\mqdmcmnt.sys
2007-01-06 23:18 5,936 ----a-w d:\documents and settings\GRARDEL\mqdmwhnt.sys
2007-01-06 23:18 4,048 ----a-w d:\documents and settings\GRARDEL\mqdmcr.sys
2007-01-06 23:18 25,600 ----a-w d:\documents and settings\GRARDEL\usbsermptxp.sys
2007-01-06 23:18 22,768 ----a-w d:\documents and settings\GRARDEL\usbsermpt.sys
2008-05-06 21:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050620080507\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-18_21.47.48,78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-31 21:10:25 5,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Accessibility\1.0.5000.0__b03f5f7f11d50a3a_f81e568f\Accessibility.dll
+ 2008-10-31 21:09:47 77,824 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\AxInterop.SHDocVw\1.1.0.0___7c4f7c07\AxInterop.SHDocVw.dll
+ 2008-10-31 21:09:47 106,496 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\AxInterop.WMPLib\1.0.0.0___b5e78c05\AxInterop.WMPLib.dll
+ 2008-10-31 21:09:48 5,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Chorus.Detector\1.0.2095.29886___f402768a\Chorus.Detector.dll
+ 2008-10-31 21:10:26 24,576 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a_7cc3bbbd\cscompmgd.dll
+ 2008-10-31 21:09:49 573,440 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\DevExpress.Data3\3.0.4.0__79868b8147b5eae4_a7a4a761\DevExpress.Data3.dll
+ 2008-10-31 21:09:52 1,482,752 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\DevExpress.Utils3\3.0.4.0__79868b8147b5eae4_6e1216ee\DevExpress.Utils3.dll
+ 2008-10-31 21:09:57 1,847,296 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\DevExpress.XtraBars3\3.5.4.0__79868b8147b5eae4_68491ab2\DevExpress.XtraBars3.dll
+ 2008-10-31 21:10:00 1,851,392 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\DevExpress.XtraEditors3\3.0.4.0__79868b8147b5eae4_fa3c8a62\DevExpress.XtraEditors3.dll
+ 2008-10-31 21:10:08 1,904,640 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\DevExpress.XtraGrid3\3.0.4.0__79868b8147b5eae4_bfb7d68e\DevExpress.XtraGrid3.dll
+ 2008-10-31 21:10:25 352,256 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\hpCDE.NET.1.1\2.0.4.20411__f782a9d43fe44c78_888f32e8\hpCDE.NET.1.1.dll
+ 2008-10-31 21:10:27 16,384 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a_5b6cdaae\IEExecRemote.dll
+ 2008-10-31 21:10:27 40,960 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\IEHost\1.0.5000.0__b03f5f7f11d50a3a_c9fadf68\IEHost.dll
+ 2008-10-31 21:10:27 5,632 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\IIEHost\1.0.5000.0__b03f5f7f11d50a3a_9257e9c0\IIEHost.dll
+ 2008-10-31 21:10:09 20,480 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.ChorusWav2Mp3\1.0.0.0___c1084f55\Interop.ChorusWav2Mp3.dll
+ 2008-10-31 21:10:09 20,480 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.ChorusWav2Wma\1.0.0.0___49572aab\Interop.ChorusWav2Wma.dll
+ 2008-10-31 21:10:09 28,672 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.CMMSLib\1.0.0.0___0656ba6c\Interop.CMMSLib.dll
+ 2008-10-31 21:10:09 9,728 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.DrmBurning\1.0.0.0___3d078a84\Interop.DrmBurning.dll
+ 2008-10-31 21:10:10 16,896 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.DrmContentManager\1.0.0.0___76d70163\Interop.DrmContentManager.dll
+ 2008-10-31 21:10:10 6,656 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.IntelDHLib\1.0.0.0___86493e81\Interop.IntelDHLib.dll
+ 2008-10-31 21:10:10 6,144 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.MSNETOBJLib\1.0.0.0___39eb6f58\Interop.MSNETOBJLib.dll
+ 2008-10-31 21:10:10 221,184 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.SHDocVw\1.1.0.0___cb16270d\Interop.SHDocVw.dll
+ 2008-10-31 21:10:11 487,424 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.WMPLib\1.0.0.0___511ceebd\Interop.WMPLib.dll
+ 2008-10-31 21:10:11 32,768 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Interop.WpdManagement\1.0.0.0___a0540ea4\Interop.WpdManagement.dll
+ 2008-10-31 21:10:28 139,264 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a_bcbd80e8\ISymWrapper.dll
+ 2008-10-31 21:10:25 16,384 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Media Player\3.6.1.6___fedb6d10\Media Player.exe
+ 2008-10-31 21:10:31 1,441,792 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a_126ae436\Microsoft.JScript.dll
+ 2008-10-31 21:10:24 10,584,064 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a_86fd9b41\Microsoft.mshtml.dll
+ 2008-10-31 21:10:32 24,576 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a_0465081b\Microsoft.VisualBasic.Vsa.dll
+ 2008-10-31 21:10:32 475,136 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a_391febd9\Microsoft.VisualBasic.dll
+ 2008-10-31 21:10:33 7,680 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a_02a1ea1d\Microsoft.VisualC.dll
+ 2008-10-31 21:10:34 24,576 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a_80e76c46\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-10-31 21:10:34 32,768 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a_a5ef5121\Microsoft.Vsa.dll
+ 2008-10-31 21:10:35 8,704 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a_2f6d84f1\Microsoft_VsaVb.dll
+ 2008-10-31 21:10:38 1,019,904 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a_107d613d\mscorcfg.dll
+ 2008-10-31 21:10:24 45,056 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\MsHtmHstInterop\[u]0[/u].0.0.0___80767486\MsHtmHstInterop.dll
+ 2008-10-31 21:10:39 36,864 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\Regcode\1.0.5000.0__b03f5f7f11d50a3a_023c7324\Regcode.dll
+ 2008-10-31 21:10:41 73,728 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a_35aa5ce0\System.Configuration.Install.dll
+ 2008-10-31 21:10:50 454,656 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089_4583402f\System.Data.OracleClient.dll
+ 2008-10-31 21:10:48 2,072,576 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Data\1.0.5000.0__b77a5c561934e089_cd2431c3\System.Data.dll
+ 2008-10-31 21:10:51 122,880 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a_62803e42\System.DirectoryServices.dll
+ 2008-10-31 21:10:54 368,640 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a_475558e3\System.EnterpriseServices.dll
+ 2008-10-31 21:10:54 86,016 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a_475558e3\System.EnterpriseServices.Thunk.dll
+ 2008-10-31 21:10:56 655,360 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Management\1.0.5000.0__b03f5f7f11d50a3a_d8efba59\System.Management.dll
+ 2008-10-31 21:10:58 274,432 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a_b5cc6168\System.Messaging.dll
+ 2008-10-31 21:11:00 544,768 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089_3166e2a4\System.Runtime.Remoting.dll
+ 2008-10-31 21:11:01 196,608 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a_c7679311\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-10-31 21:11:02 131,072 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Security\1.0.5000.0__b03f5f7f11d50a3a_bd481ed3\System.Security.dll
+ 2008-10-31 21:11:03 102,400 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a_b5d200cf\System.ServiceProcess.dll
+ 2008-10-31 21:11:13 1,171,456 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a_f84905fe\System.Web.Mobile.dll
+ 2008-10-31 21:11:14 90,112 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a_c7cb6802\System.Web.RegularExpressions.dll
+ 2008-10-31 21:11:16 843,776 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a_145787fc\System.Web.Services.dll
+ 2008-10-31 21:11:09 1,912,832 ----a-w c:\windows\assembly\NativeImages1_v1.1.4322\System.Web\1.0.5000.0__b03f5f7f11d50a3a_a778ff19\System.Web.dll
- 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-11-05 18:49:52 3,638 ----a-r c:\windows\Installer\{038B6EA2-D182-4982-82E8-4E5A571818E7}\install.exe
+ 2008-11-05 18:49:52 10,134 ----a-r c:\windows\Installer\{038B6EA2-D182-4982-82E8-4E5A571818E7}\SystemFolder_msiexec.exe
+ 2008-11-05 18:49:52 3,638 ----a-r c:\windows\Installer\{038B6EA2-D182-4982-82E8-4E5A571818E7}\Tunebite.exe
- 2000-08-31 06:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2006-11-03 07:56:54 7,680 ----a-w c:\windows\system32\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w c:\windows\system32\asferror.dll
- 2006-11-03 07:56:54 7,680 ----a-w c:\windows\system32\dllcache\asferror.dll
+ 2006-11-03 08:56:54 7,680 ----a-w c:\windows\system32\dllcache\asferror.dll
- 2008-04-13 09:45:16 60,160 ----a-w c:\windows\system32\dllcache\drmk.sys
+ 2008-04-13 10:45:16 60,160 ----a-w c:\windows\system32\dllcache\drmk.sys
- 2008-04-13 10:16:38 141,056 ----a-w c:\windows\system32\dllcache\ks.sys
+ 2008-04-13 11:16:38 141,056 ----a-w c:\windows\system32\dllcache\ks.sys
- 2006-11-03 07:57:06 244,224 ----a-w c:\windows\system32\dllcache\mpvis.dll
+ 2006-11-03 08:57:06 244,224 ----a-w c:\windows\system32\dllcache\mpvis.dll
- 2008-04-13 10:19:42 146,048 ----a-w c:\windows\system32\dllcache\portcls.sys
+ 2008-04-13 11:19:42 146,048 ----a-w c:\windows\system32\dllcache\portcls.sys
- 2006-11-03 08:02:28 1,680,384 ----a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2006-11-03 09:02:28 1,680,384 ----a-w c:\windows\system32\dllcache\setup_wm.exe
- 2008-04-13 09:45:16 49,408 ----a-w c:\windows\system32\dllcache\stream.sys
+ 2008-04-13 10:45:16 49,408 ----a-w c:\windows\system32\dllcache\stream.sys
- 2006-11-03 07:58:42 272,384 ----a-w c:\windows\system32\dllcache\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w c:\windows\system32\dllcache\wmerror.dll
- 2006-11-03 07:58:48 96,256 ----a-w c:\windows\system32\dllcache\wmpband.dll
+ 2006-11-03 08:58:48 96,256 ----a-w c:\windows\system32\dllcache\wmpband.dll
- 2006-11-03 07:59:00 64,000 ----a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2006-11-03 08:59:00 64,000 ----a-w c:\windows\system32\dllcache\wmplayer.exe
- 2006-11-03 08:03:34 8,292,352 ----a-w c:\windows\system32\dllcache\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w c:\windows\system32\dllcache\wmploc.dll
- 2006-11-03 07:59:06 99,840 ----a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w c:\windows\system32\dllcache\wmpshell.dll
- 2008-04-13 09:45:16 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
+ 2008-04-13 10:45:16 60,160 ----a-w c:\windows\system32\drivers\drmk.sys
- 2008-04-13 10:16:38 141,056 ----a-w c:\windows\system32\drivers\ks.sys
+ 2008-04-13 11:16:38 141,056 ----a-w c:\windows\system32\drivers\ks.sys
- 2008-04-13 10:19:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
+ 2008-04-13 11:19:42 146,048 ----a-w c:\windows\system32\drivers\portcls.sys
- 2008-04-13 09:45:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
+ 2008-04-13 10:45:16 49,408 ----a-w c:\windows\system32\drivers\stream.sys
+ 2006-11-02 05:22:54 492,000 ------w c:\windows\system32\drivers\wdf01000.sys
+ 2006-11-02 05:22:52 32,224 ------w c:\windows\system32\drivers\wdfldr.sys
+ 2006-08-11 07:34:10 6,144 -c--a-w c:\windows\system32\DRVSTORE\M2501at_2F5F7EFE99B5F227AF0764DFDBB083834C1FFEC1\M2501cn.sys
+ 2006-08-11 07:34:12 90,128 -c--a-w c:\windows\system32\DRVSTORE\M2501at_2F5F7EFE99B5F227AF0764DFDBB083834C1FFEC1\M2501md.sys
+ 2006-08-11 04:49:48 94,592 -c--a-w c:\windows\system32\DRVSTORE\M2501HCD_B072F3C073A4376B25683AA0AD2B77942B3E843A\M2501HCD.sys
+ 2006-08-11 07:34:10 6,144 -c--a-w c:\windows\system32\DRVSTORE\M2501md_3F9C70CED7D1F0C5A3749D5A551A3DAA6C9518B6\M2501cn.sys
+ 2006-08-11 07:34:12 90,128 -c--a-w c:\windows\system32\DRVSTORE\M2501md_3F9C70CED7D1F0C5A3749D5A551A3DAA6C9518B6\M2501md.sys
+ 2006-08-11 07:34:18 9,360 -c--a-w c:\windows\system32\DRVSTORE\M2501md_3F9C70CED7D1F0C5A3749D5A551A3DAA6C9518B6\M2501mf.sys
+ 2006-08-11 07:34:22 66,592 -c--a-w c:\windows\system32\DRVSTORE\M2501uc_6ABE1D60E560C01F808EBE80F1BCA5A3D9FDEC66\M2501uc.sys
+ 2006-08-11 07:34:24 5,808 -c--a-w c:\windows\system32\DRVSTORE\M2501uc_6ABE1D60E560C01F808EBE80F1BCA5A3D9FDEC66\M2501wn.sys
+ 2008-08-21 16:49:22 18,688 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motccgp.sys
+ 2008-08-21 16:49:56 8,320 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motccgpfl.sys
+ 2007-11-02 13:51:28 6,400 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\motswch.sys
+ 2006-11-13 13:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motccgp_4B8D9AB3A82A683595609FFF880F0EDF6139A96D\wdfcoinstaller01005.dll
+ 2007-06-18 13:18:26 23,680 -c--a-w c:\windows\system32\DRVSTORE\motmodem_8AAFC1213735C79BDDFE23749C53BFC0F01512CA\motmodem.sys
+ 2006-11-13 13:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motmodem_8AAFC1213735C79BDDFE23749C53BFC0F01512CA\wdfcoinstaller01005.dll
+ 2006-07-28 06:10:08 6,144 -c--a-w c:\windows\system32\DRVSTORE\motodrv_EBD40518FA36F6DD08A0EAF14AED13D857D9FFFC\mot_ci.dll
+ 2007-10-10 15:41:50 42,112 -c--a-w c:\windows\system32\DRVSTORE\motodrv_EBD40518FA36F6DD08A0EAF14AED13D857D9FFFC\motodrv.sys
+ 2007-01-23 20:36:20 6,016 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\motfilt.sys
+ 2008-03-03 14:03:10 23,296 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\Motousbnet.sys
+ 2007-11-02 13:51:28 6,400 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\motswch.sys
+ 2006-11-13 13:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motousbnet_9F591433B82B0F093333CEA94EE84F00E7481D04\wdfcoinstaller01005.dll
+ 2007-06-18 13:18:26 23,680 -c--a-w c:\windows\system32\DRVSTORE\motport_50487F381F70FF5572305B1B459E22B860F1D8C7\motport.sys
+ 2006-11-13 13:45:54 1,419,232 -c--a-w c:\windows\system32\DRVSTORE\motport_50487F381F70FF5572305B1B459E22B860F1D8C7\wdfcoinstaller01005.dll
- 2008-03-04 11:33:18 7,680 ----a-w c:\windows\system32\ff_vfw.dll
+ 2008-06-18 13:59:56 7,680 ----a-w c:\windows\system32\ff_vfw.dll
- 2008-10-15 05:30:09 384,816 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-10-28 20:21:14 382,424 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-05-07 04:33:28 112,880 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2008-10-28 21:08:33 112,688 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2006-07-28 06:10:08 6,144 ----a-w c:\windows\system32\mot_ci.dll
- 2003-04-18 15:29:24 96,256 ----a-w c:\windows\system32\msxml4r.dll
+ 2002-02-04 00:43:00 82,432 ----a-w c:\windows\system32\msxml4r.dll
- 2008-04-13 17:33:36 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:35:43 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2008-07-25 20:30:59 72,152 ----a-w c:\windows\system32\perfc009.dat
+ 2008-10-26 14:28:18 72,152 ----a-w c:\windows\system32\perfc009.dat
- 2008-07-25 20:30:59 85,696 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-10-26 14:28:18 85,696 ----a-w c:\windows\system32\perfc00C.dat
- 2008-07-25 20:30:59 444,528 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-26 14:28:18 444,528 ----a-w c:\windows\system32\perfh009.dat
- 2008-07-25 20:30:59 513,492 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-10-26 14:28:18 513,492 ----a-w c:\windows\system32\perfh00C.dat
- 2008-04-01 20:24:54 7,036,340 ----a-w c:\windows\system32\Restore\rstrlog.dat
+ 2008-11-10 13:48:19 619,228 ----a-w c:\windows\system32\Restore\rstrlog.dat
- 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
+ 2006-09-25 16:58:48 14,640 ------w c:\windows\system32\spmsg.dll
- 2004-09-15 23:00:00 77,824 ----a-w c:\windows\system32\UMLoader.dll
+ 2004-09-16 00:00:00 77,824 ----a-w c:\windows\system32\UMLoader.dll
- 2006-11-03 07:58:42 272,384 ----a-w c:\windows\system32\wmerror.dll
+ 2006-11-03 08:58:42 272,384 ----a-w c:\windows\system32\wmerror.dll
- 2006-11-03 08:03:34 8,292,352 ----a-w c:\windows\system32\wmploc.dll
+ 2006-11-03 09:03:34 8,292,352 ----a-w c:\windows\system32\wmploc.dll
- 2006-11-03 07:59:06 99,840 ----a-w c:\windows\system32\wmpshell.dll
+ 2006-11-03 08:59:06 99,840 ----a-w c:\windows\system32\wmpshell.dll
- 2006-11-02 09:52:12 44,032 ------w c:\windows\system32\wpdshextres.dll
+ 2006-11-02 10:52:12 44,032 ------w c:\windows\system32\wpdshextres.dll
+ 2008-11-10 19:00:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_490.dat
+ 2008-11-10 19:00:17 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_ec.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
2008-10-29 17:03 144688 --a------ c:\program files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"MediaDICO9Il"="c:\program files\Micro Application\9 Dictionnaires Illustrés\LanceMediaDICO9Il.exe" [2006-02-04 252416]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WOOKIT"="c:\program files\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-08-28 1934144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-06-05 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 295936]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-20 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-28 185872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-06-05 319488]

d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Hyperappel du Petit Larousse 2009.lnk - c:\program files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2008-09-28 237568]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2007-02-20 257536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashSimpl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\Configurer mon PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 10:03]

2008-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
HKLM-Run-ISUSScheduler - c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - d:\documents and settings\GRARDEL.SN117655920314\Application Data\Mozilla\Firefox\Profiles\v1bjaro2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.icrfast.com/index.php?rvs=hompag
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.icrfast.com/index.php?rvs=hompag
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 20:00:54
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\windows\system32\snmp.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\system32\UAService7.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Fichiers communs\Logishrd\LVCOMSER\LVComSer.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\program files\Wanadoo\ComComp.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 20:06:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-10 19:06:19
ComboFix2.txt 2008-10-18 19:48:22

Avant-CF: 6 669 340 672 octets libres
Après-CF: 6,661,193,728 octets libres

423 --- E O F --- 2008-11-10 14:18:43

il redemarre toujours

j'ai un autre rapport de combofix de j'ai effectué a la suite de l'autre

ComboFix 08-11-09.04 - GRARDEL 2008-11-10 20:26:53.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.568 [GMT 1:00]
.
[color=purple]Les fichiers ci-dessous ont été désactivés pendant l'exécution:[/color]
c:\windows\TEMP\logishrd\LVPrcInj01.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . impossible à supprimer

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))
.

2008-11-10 14:40 . 2008-11-10 14:47 <REP> d---s---- d:\documents and settings\NetworkService.AUTORITE NT.013
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d---s---- d:\documents and settings\LocalService.AUTORITE NT.013
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Modèles
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Mes documents
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Favoris
2008-11-10 14:40 . 2007-02-20 05:58 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314.006\Application Data\Symantec
2008-11-10 14:40 . 2008-11-10 14:47 <REP> d---s---- d:\documents and settings\GRARDEL.SN117655920314.006
2008-11-09 12:24 . 2008-11-10 14:47 <REP> d-------- C:\ToolBar SD
2008-11-05 19:50 . 2008-11-05 19:50 <REP> d-------- c:\program files\PixiePack Codec Pack
2008-11-05 19:46 . 2008-11-05 19:50 <REP> d-------- d:\documents and settings\All Users\Application Data\RapidSolution
2008-11-05 19:46 . 2008-11-05 19:46 <REP> d-------- c:\program files\RapidSolution
2008-11-05 19:29 . 2008-11-05 19:30 <REP> d-------- c:\program files\Satsuki Decoder Pack
2008-11-01 00:06 . 2008-11-01 00:06 <REP> d-------- c:\program files\LimeWire
2008-10-31 22:09 . 2008-10-31 22:42 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\Media Player
2008-10-31 22:09 . 2008-10-31 22:09 <REP> d-------- c:\program files\Orange
2008-10-28 22:20 . 2008-10-28 22:20 <REP> d-------- C:\DECCHECK
2008-10-28 22:02 . 2008-10-28 22:02 <REP> d-------- c:\windows\system32\VirginMega
2008-10-28 22:02 . 2008-10-28 22:02 <REP> d-------- c:\program files\VirginMega
2008-10-28 21:15 . 2008-10-28 21:15 146 --a------ c:\windows\DelMR.bat
2008-10-26 21:36 . 2008-10-26 21:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-10-26 21:36 . 2008-10-26 21:36 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-10-26 18:05 . 2006-11-13 14:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-10-26 18:05 . 2007-10-10 16:41 42,112 --a------ c:\windows\system32\drivers\motodrv.sys
2008-10-26 18:05 . 2007-06-18 14:18 23,680 --a------ c:\windows\system32\drivers\motmodem.sys
2008-10-26 18:05 . 2008-08-21 17:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys
2008-10-26 18:05 . 2008-08-21 17:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys
2008-10-26 18:05 . 2007-11-02 14:51 6,400 --a------ c:\windows\system32\drivers\motswch.sys
2008-10-25 21:31 . 2008-10-25 21:31 0 --a------ c:\windows\mngui.INI
2008-10-25 21:21 . 2008-10-25 21:25 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\Teleca
2008-10-25 21:21 . 2008-10-25 21:21 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\Motorola
2008-10-25 21:20 . 2008-10-28 21:15 <REP> d-------- c:\program files\Fichiers communs\Teleca Shared
2008-10-23 18:47 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 18:40 . 2008-10-22 18:40 <REP> d-------- d:\documents and settings\All Users\Application Data\NortonInstaller
2008-10-21 21:00 . 2008-10-21 21:00 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-21 21:00 . 2008-10-21 21:00 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-10-21 20:19 . 2008-10-28 21:04 <REP> d-------- c:\program files\Fichiers communs\Motorola Shared
2008-10-21 20:14 . 2008-10-28 21:16 <REP> d-------- c:\program files\Motorola
2008-10-15 15:19 . 2008-10-15 15:19 43,552 --a------ c:\windows\system32\drivers\tbhsd.sys
2008-10-15 06:11 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-15 06:10 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 06:10 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 06:10 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 06:10 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 06:10 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 20:36 . 2008-10-14 20:36 1 ---hs---- C:\MSDOS.INF
2008-10-12 21:31 . 2008-10-28 21:05 <REP> d-------- d:\documents and settings\GRARDEL.SN117655920314\Application Data\ESTsoft
2008-10-12 21:31 . 2008-10-12 21:42 <REP> d-------- c:\program files\ESTsoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 19:30 --------- d-----w c:\program files\Wanadoo
2008-11-10 13:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-10 13:47 --------- d-----w c:\program files\Navilog1
2008-11-09 22:06 --------- d-----w d:\documents and settings\GRARDEL.SN117655920314\Application Data\LimeWire
2008-11-09 21:37 --------- d-----w d:\documents and settings\All Users\Application Data\Google Updater
2008-11-05 05:14 --------- d-----w d:\documents and settings\GRARDEL.SN117655920314\Application Data\uTorrent
2008-10-28 20:15 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-23 19:07 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-22 14:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-20 17:22 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-19 16:13 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-18 14:54 --------- d-----w c:\program files\a-squared Free
2008-10-11 15:18 --------- d---a-w d:\documents and settings\All Users\Application Data\TEMP
2008-10-09 16:36 --------- d-----w c:\program files\Yahoo!
2008-10-01 20:01 --------- d-----w c:\program files\AGI
2008-09-28 16:39 44,944 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-09-28 16:18 --------- d-----w c:\program files\Picasa2
2008-09-28 15:48 --------- d-----w c:\program files\Larousse
2008-09-28 10:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-09-28 10:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-09-20 19:40 --------- d-----w c:\program files\Fichiers communs\Logishrd
2008-09-19 19:25 --------- d-----w c:\program files\Fichiers communs\Logitech
2008-09-19 19:24 --------- d-----w d:\documents and settings\All Users\Application Data\Logishrd
2008-09-19 19:24 --------- d-----w c:\program files\Logitech
2008-09-17 21:55 6,132,576 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-09-17 21:08 --------- d-----w c:\program files\Fichiers communs\Ahead
2007-01-06 23:18 92,064 ----a-w d:\documents and settings\GRARDEL\mqdmmdm.sys
2007-01-06 23:18 9,232 ----a-w d:\documents and settings\GRARDEL\mqdmmdfl.sys
2007-01-06 23:18 79,328 ----a-w d:\documents and settings\GRARDEL\mqdmserd.sys
2007-01-06 23:18 66,656 ----a-w d:\documents and settings\GRARDEL\mqdmbus.sys
2007-01-06 23:18 6,208 ----a-w d:\documents and settings\GRARDEL\mqdmcmnt.sys
2007-01-06 23:18 5,936 ----a-w d:\documents and settings\GRARDEL\mqdmwhnt.sys
2007-01-06 23:18 4,048 ----a-w d:\documents and settings\GRARDEL\mqdmcr.sys
2007-01-06 23:18 25,600 ----a-w d:\documents and settings\GRARDEL\usbsermptxp.sys
2007-01-06 23:18 22,768 ----a-w d:\documents and settings\GRARDEL\usbsermpt.sys
2008-05-06 21:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008050620080507\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-11-10_20.05.48.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-10 19:29:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_124.dat
- 2008-11-10 19:00:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_490.dat
+ 2008-11-10 19:29:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_490.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
2008-10-29 17:03 144688 --a------ c:\program files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"MediaDICO9Il"="c:\program files\Micro Application\9 Dictionnaires Illustrés\LanceMediaDICO9Il.exe" [2006-02-04 252416]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WOOKIT"="c:\program files\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"Packard Bell Software Suite"="c:\program files\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-08-28 1934144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-06-05 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 295936]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2006-02-23 147456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-20 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-28 185872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [BU]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"OrangePlayer"="c:\program files\orange\media player\Media Player.exe" [2008-06-05 319488]

d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Hyperappel du Petit Larousse 2009.lnk - c:\program files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2008-09-28 237568]
OFFICE One Clock v6.5.lnk - c:\program files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2007-02-20 257536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashSimpl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2007-10-10 42112]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2008-11-10 c:\windows\Tasks\Configurer mon PC.job
- c:\apps\SMP\PCSETUP.EXE [2005-11-17 10:03]

2008-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - d:\documents and settings\GRARDEL.SN117655920314\Application Data\Mozilla\Firefox\Profiles\v1bjaro2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.icrfast.com/index.php?rvs=hompag
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.icrfast.com/index.php?rvs=hompag
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 20:30:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\a-squared Free\a2service.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\Logishrd\LVCOMSER\LVComSer.exe
c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
c:\windows\system32\snmp.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\system32\UAService7.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Fichiers communs\Logishrd\LVCOMSER\LVComSer.exe
c:\progra~1\Wanadoo\TaskBarIcon.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Heure de fin: 2008-11-10 20:35:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-10 19:35:40
ComboFix2.txt 2008-11-10 19:06:26
ComboFix3.txt 2008-10-18 19:48:22

Avant-CF: 6 666 747 904 octets libres
Après-CF: 6,645,383,168 octets libres

248 --- E O F --- 2008-11-10 14:18:43

bonsoir


je n'ai trouvé pour d'eactivé avast je n'ai pas rencontré de probleme je vous joint le rapport

SmitFraudFix v2.374

Rapport fait à 18:07:23,64, 11/11/2008
Executé à partir de D:\Documents and Settings\GRARDEL.SN117655920314\Bureau\09-11-2008\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\UAService7.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\program files\orange\media player\Media Player.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\GRARDEL.SN117655920314


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\GRARDE~1.SN1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\GRARDEL.SN117655920314\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\GRARDE~1.SN1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 80.10.246.130
DNS Server Search Order: 81.253.149.10

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9117AA14-86C5-470E-8D38-60BFAF784434}: NameServer=80.10.246.130 81.253.149.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9117AA14-86C5-470E-8D38-60BFAF784434}: NameServer=80.10.246.130 81.253.149.10


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

j'ai effectué une annalyse avec bitdefender il m'a trouvé un trojan agent dell.gy et trojan generic 1046131

bonsoir

je n'ai pas le rapport de mon analyse
le redemarrage est toujours la
a bientot de vous lire

-------------- UsbFix V2.405 ---------------

* User : GRARDEL - SN117655920314
* Outils mis a jours le 13/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 22:23:32 le 13/11/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\UAService7.exe
D:\DOCUME~1\GRARDE~1.SN1\LOCALS~1\Temp\1.tmp\b2e.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

J: - Lecteur fixe

K: - Lecteur fixe


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
High Definition Audio Property Page Shortcut REG_SZ HDAShCut.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Vade Retro Outlook Express REG_SZ "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
PCMService REG_SZ "c:\APPS\Powercinema\PCMService.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
DetectorApp REG_SZ C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
LogitechQuickCamRibbon REG_SZ "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
KMCONFIG REG_SZ C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SmpcSys REG_SZ C:\APPS\SMP\SmpSys.exe
MediaDICO9Il REG_SZ C:\Program Files\Micro Application\9 Dictionnaires Illustrés\LanceMediaDICO9Il.exe Lancement
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
WOOKIT REG_SZ C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Packard Bell Software Suite REG_SZ C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
OrangePlayer REG_SZ c:\program files\orange\media player\Media Player.exe /systray

--------------- [ Registre / Mountpoint2 ] ----------------


-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [11/11/2008 18:07] C:\WINDOWS\system32\tmp.txt

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[05/08/2004 14:00][--a------] C:\NTDETECT.COM
[12/12/2007 23:56][-rahs----] C:\BOOT.INI
[14/10/2008 20:36][---hs----] C:\MSDOS.INF
[24/02/2008 21:22][--a------] D:\GetPaths.bat
[14/12/2005 15:09][--a------] K:\crccheck.vbs
[05/07/2007 11:03][--a------] K:\ClickMe.exe
[05/07/2007 11:03][--a------] K:\CRC95.EXE

--------------- [ Vaccination ] ----------------

C:\autorun.inf - Dossier autorun.inf crée par UsbFix !
D:\autorun.inf - Dossier autorun.inf crée par UsbFix !
J:\autorun.inf - Dossier autorun.inf crée par UsbFix !
K:\autorun.inf - Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

bonsoir

je pense que j'ai bien effectué la manip bonne reception
a bientot de vous lire


Fichier GetPaths.bat reçu le 2008.11.14 20:26:45 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.14.3 2008.11.14 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.14 -
Avast 4.8.1281.0 2008.11.14 -
AVG 8.0.0.199 2008.11.14 -
BitDefender 7.2 2008.11.14 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.14 -
DrWeb 4.44.0.09170 2008.11.14 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6209 2008.11.14 -
Ewido 4.0 2008.11.14 -
F-Prot 4.4.4.56 2008.11.13 -
F-Secure 8.0.14332.0 2008.11.14 -
Fortinet 3.117.0.0 2008.11.14 -
GData 19 2008.11.14 -
Ikarus T3.1.1.45.0 2008.11.14 -
K7AntiVirus 7.10.525 2008.11.14 -
Kaspersky 7.0.0.125 2008.11.14 -
McAfee 5434 2008.11.14 -
Microsoft 1.4104 2008.11.14 -
NOD32 3614 2008.11.14 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.14 -
PCTools 4.4.2.0 2008.11.14 -
Prevx1 V2 2008.11.14 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.14 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.14 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.14 -
ViRobot 2008.11.14.1468 2008.11.14 -
VirusBuster 4.5.11.0 2008.11.14 -

Information additionnelle
File size: 520 bytes
MD5...: 621532679722b3b2628acafe95682c38
SHA1..: b0a00df5bc5613df60db21289ebbae2d6f1ab78d
SHA256: a97a01cceb10a58bdf90161077f342c692fa0f697cc4e048eefe79075989a06d
SHA512: b2796a8fa3aa8a8dac6de8b1d302fde049cee1533059d7e315278df1c32fad1b<BR>3869767a023a0ee0bc3376de76c292f3d40ed405c33b091680852f20d715bdc4
PEiD..: -
TrID..: File type identification<BR>Unknown!
PEInfo: -

Fichier ClickMe.exe reçu le 2008.04.19 17:54:49 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Spyware.DollarRevenue
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Information additionnelle
MD5: 227c864bf7487f2103a56ad379fa96fa
SHA1: 7adc95130939b7e9a8ad4469dc325bc6d8dcbb2e
SHA256: a1b669e050841a8530aa4cd9f93bc7004e472cff7e7080e88438ecf63f4097a9
SHA512: 9102d7cfa617cf87eaed0ea61e0de704b211983408a1e695ea2c037983a8d1d7770f5fa21d83d585d8729a0feb7a4bc6f5b89be23b1a7528df02231e7af6ac94
<table border="1"><tr><td colspan="4">Fichier ClickMe.exe reçu le 2008.04.19 17:54:49 (CET)</td></tr><tr><td>Antivirus</td><td>Version</td><td>Dernière mise à jour</td><td>Résultat</td</tr><tr><td>AhnLab-V3</td><td>-</td><td>-</td><td>-</td</tr><tr><td>AntiVir</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Authentium</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Avast</td><td>-</td><td>-</td><td>-</td</tr><tr><td>AVG</td><td>-</td><td>-</td><td>-</td</tr><tr><td>BitDefender</td><td>-</td><td>-</td><td>-</td</tr><tr><td>CAT-QuickHeal</td><td>-</td><td>-</td><td>-</td</tr><tr><td>ClamAV</td><td>-</td><td>-</td><td>-</td</tr><tr><td>DrWeb</td><td>-</td><td>-</td><td>-</td</tr><tr><td>eSafe</td><td>-</td><td>-</td><td>-</td</tr><tr><td>eTrust-Vet</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Ewido</td><td>-</td><td>-</td><td>-</td</tr><tr><td>F-Prot</td><td>-</td><td>-</td><td>-</td</tr><tr><td>F-Secure</td><td>-</td><td>-</td><td>-</td</tr><tr><td>FileAdvisor</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Fortinet</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Ikarus</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Kaspersky</td><td>-</td><td>-</td><td>-</td</tr><tr><td>McAfee</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Microsoft</td><td>-</td><td>-</td><td>-</td</tr><tr><td>NOD32v2</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Norman</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Panda</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Prevx1</td><td>-</td><td>-</td><td style="color: red;">Spyware.DollarRevenue</td</tr><tr><td>Rising</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Sophos</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Sunbelt</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Symantec</td><td>-</td><td>-</td><td>-</td</tr><tr><td>TheHacker</td><td>-</td><td>-</td><td>-</td</tr><tr><td>VBA32</td><td>-</td><td>-</td><td>-</td</tr><tr><td>VirusBuster</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Webwasher-Gateway</td><td>-</td><td>-</td><td>-</td</tr><tr><td colspan="4"> </td></tr><tr><td colspan="4">Information additionnelle</td></tr><tr><td colspan="4">MD5: 227c864bf7487f2103a56ad379fa96fa</td></tr><tr><td colspan="4">SHA1: 7adc95130939b7e9a8ad4469dc325bc6d8dcbb2e</td></tr><tr><td colspan="4">SHA256: a1b669e050841a8530aa4cd9f93bc7004e472cff7e7080e88438ecf63f4097a9</td></tr><tr><td colspan="4">SHA512: 9102d7cfa617cf87eaed0ea61e0de704b211983408a1e695ea2c037983a8d1d7770f5fa21d83d585d8729a0feb7a4bc6f5b89be23b1a7528df02231e7af6ac94</td></tr></table>
Antivirus;Version;Dernière mise à jour;Résultat
AhnLab-V3;-;-;-
AntiVir;-;-;-
Authentium;-;-;-
Avast;-;-;-
AVG;-;-;-
BitDefender;-;-;-
CAT-QuickHeal;-;-;-
ClamAV;-;-;-
DrWeb;-;-;-
eSafe;-;-;-
eTrust-Vet;-;-;-
Ewido;-;-;-
F-Prot;-;-;-
F-Secure;-;-;-
FileAdvisor;-;-;-
Fortinet;-;-;-
Ikarus;-;-;-
Kaspersky;-;-;-
McAfee;-;-;-
Microsoft;-;-;-
NOD32v2;-;-;-
Norman;-;-;-
Panda;-;-;-
Prevx1;-;-;Spyware.DollarRevenue
Rising;-;-;-
Sophos;-;-;-
Sunbelt;-;-;-
Symantec;-;-;-
TheHacker;-;-;-
VBA32;-;-;-
VirusBuster;-;-;-
Webwasher-Gateway;-;-;-

Information additionnelle
MD5: 227c864bf7487f2103a56ad379fa96fa
SHA1: 7adc95130939b7e9a8ad4469dc325bc6d8dcbb2e
SHA256: a1b669e050841a8530aa4cd9f93bc7004e472cff7e7080e88438ecf63f4097a9
SHA512: 9102d7cfa617cf87eaed0ea61e0de704b211983408a1e695ea2c037983a8d1d7770f5fa21d83d585d8729a0feb7a4bc6f5b89be23b1a7528df02231e7af6ac94

Fichier CRC95.EXE reçu le 2008.11.14 21:01:55 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.14.3 2008.11.14 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.14 -
Avast 4.8.1281.0 2008.11.14 -
AVG 8.0.0.199 2008.11.14 -
BitDefender 7.2 2008.11.14 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.14 -
DrWeb 4.44.0.09170 2008.11.14 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6209 2008.11.14 -
Ewido 4.0 2008.11.14 -
F-Prot 4.4.4.56 2008.11.14 -
F-Secure 8.0.14332.0 2008.11.14 -
Fortinet 3.117.0.0 2008.11.14 -
GData 19 2008.11.14 -
Ikarus T3.1.1.45.0 2008.11.14 -
K7AntiVirus 7.10.525 2008.11.14 -
Kaspersky 7.0.0.125 2008.11.14 -
McAfee 5434 2008.11.14 -
Microsoft 1.4104 2008.11.14 -
NOD32 3614 2008.11.14 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.14 -
PCTools 4.4.2.0 2008.11.14 -
Prevx1 V2 2008.11.14 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.14 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.14 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.14 -
ViRobot 2008.11.14.1468 2008.11.14 -
VirusBuster 4.5.11.0 2008.11.14 -

Information additionnelle
File size: 405504 bytes
MD5...: 4f1bb63844548bb2ef33ff07030713a1
SHA1..: 1ffb023541f029ff1ce65843d21fe4f246be1476
SHA256: 6a626cde2cbce75291405e1feb5cf19d601613d081e87dd33c271b94383220ab
SHA512: f22d99d5508ff959a40801584573ea170d8545a7b485df607c980af6c7ceac0f<BR>1590e6d31f88ab6f9f28b971f04ab3288149926cc54c888c98f622f8a54b6fbd
PEiD..: -
TrID..: File type identification<BR>Win32 Executable Borland Delphi 5 (60.1%)<BR>Win32 Executable Borland Delphi 3 (34.9%)<BR>Win32 Executable Delphi generic (1.9%)<BR>Win32 Executable Generic (1.1%)<BR>Win32 Dynamic Link Library (generic) (1.0%)
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x44fbac<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 8 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0x4ebf4 0x4ec00 6.52 a401124ee8e5edb1dd423d69719c7a8b<BR>DATA 0x50000 0x1f00 0x2000 5.43 4e6678f40a2c129591932024cff5138a<BR>BSS 0x52000 0x85d 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0x53000 0x1f86 0x2000 4.93 ce9bc272643a80344bf07fc6080b2f7b<BR>.tls 0x55000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0x56000 0x18 0x200 0.20 999af3ce0bb53134632dbd54dc89c809<BR>.reloc 0x57000 0x670c 0x6800 6.64 2287aed45c0237c6b77f47f3cbcb58c1<BR>.rsrc 0x5e000 0x9600 0x9600 4.33 b82db7ee0feffa345b687ca110c1db0b<BR><BR>( 12 imports ) <BR>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<BR>> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> oleaut32.dll: SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysReAllocStringLen, SysAllocStringLen<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> kernel32.dll: WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, SearchPathA, ReleaseMutex, ReadFile, OpenFileMappingA, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, IsDBCSLeadByte, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetShortPathNameA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFileAttributesA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentDirectoryA, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, FatalAppExitA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileA, CreateEventA, CompareStringA, CloseHandle<BR>> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetBrushOrgEx, GetBitmapBits, ExtTextOutA, ExcludeClipRect, EnumFontsA, EnumFontFamiliesExA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt<BR>> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MessageBoxA, MessageBeep, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharUpperBuffA, CharToOemBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout<BR>> ole32.dll: OleUninitialize, OleInitialize, CoCreateInstance, CoUninitialize, CoInitialize<BR>> oleaut32.dll: GetErrorInfo, SysFreeString<BR>> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create<BR><BR>( 0 exports ) <BR>
Fichier crccheck.vbs reçu le 2008.11.14 21:08:10 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.14.3 2008.11.14 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.14 -
Avast 4.8.1281.0 2008.11.14 -
AVG 8.0.0.199 2008.11.14 -
BitDefender 7.2 2008.11.14 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.14 -
DrWeb 4.44.0.09170 2008.11.14 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6208 2008.11.13 -
Ewido 4.0 2008.11.14 -
F-Prot 4.4.4.56 2008.11.14 -
F-Secure 8.0.14332.0 2008.11.14 -
Fortinet 3.117.0.0 2008.11.14 -
GData 19 2008.11.14 -
Ikarus T3.1.1.45.0 2008.11.14 -
K7AntiVirus 7.10.525 2008.11.14 -
Kaspersky 7.0.0.125 2008.11.14 -
McAfee 5434 2008.11.14 -
Microsoft 1.4104 2008.11.14 -
NOD32 3614 2008.11.14 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.14 Suspicious file
PCTools 4.4.2.0 2008.11.14 -
Prevx1 V2 2008.11.14 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.14 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.14 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.14 -
ViRobot 2008.11.14.1468 2008.11.14 -
VirusBuster 4.5.11.0 2008.11.14 -

Information additionnelle
File size: 5036 bytes
MD5...: 9615c61432c11acb0128c565c757fc17
SHA1..: 95395b5fd37610cd556e7f2797d02be1bef543fa
SHA256: 0ca53157f8032be23ad66e5ca0ff8eacc112426688ca8e9a84e9be537302be43
SHA512: cba60f7209be1bc9ac557e11f44dbaa611142fc777e4f6e8a272efaa85d5674f<BR>80052f9c493f9eebca6b6c43355fc159ae98e0cb93e8cc620eda306fe2f1008a
PEiD..: -
TrID..: File type identification<BR>Unknown!
PEInfo: -

Fichier ClickMe.exe reçu le 2008.04.19 17:54:49 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Spyware.DollarRevenue
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Information additionnelle
MD5: 227c864bf7487f2103a56ad379fa96fa
SHA1: 7adc95130939b7e9a8ad4469dc325bc6d8dcbb2e
SHA256: a1b669e050841a8530aa4cd9f93bc7004e472cff7e7080e88438ecf63f4097a9
SHA512: 9102d7cfa617cf87eaed0ea61e0de704b211983408a1e695ea2c037983a8d1d7770f5fa21d83d585d8729a0feb7a4bc6f5b89be23b1a7528df02231e7af6ac94
<table border="1"><tr><td colspan="4">Fichier ClickMe.exe reçu le 2008.04.19 17:54:49 (CET)</td></tr><tr><td>Antivirus</td><td>Version</td><td>Dernière mise à jour</td><td>Résultat</td</tr><tr><td>AhnLab-V3</td><td>-</td><td>-</td><td>-</td</tr><tr><td>AntiVir</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Authentium</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Avast</td><td>-</td><td>-</td><td>-</td</tr><tr><td>AVG</td><td>-</td><td>-</td><td>-</td</tr><tr><td>BitDefender</td><td>-</td><td>-</td><td>-</td</tr><tr><td>CAT-QuickHeal</td><td>-</td><td>-</td><td>-</td</tr><tr><td>ClamAV</td><td>-</td><td>-</td><td>-</td</tr><tr><td>DrWeb</td><td>-</td><td>-</td><td>-</td</tr><tr><td>eSafe</td><td>-</td><td>-</td><td>-</td</tr><tr><td>eTrust-Vet</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Ewido</td><td>-</td><td>-</td><td>-</td</tr><tr><td>F-Prot</td><td>-</td><td>-</td><td>-</td</tr><tr><td>F-Secure</td><td>-</td><td>-</td><td>-</td</tr><tr><td>FileAdvisor</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Fortinet</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Ikarus</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Kaspersky</td><td>-</td><td>-</td><td>-</td</tr><tr><td>McAfee</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Microsoft</td><td>-</td><td>-</td><td>-</td</tr><tr><td>NOD32v2</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Norman</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Panda</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Prevx1</td><td>-</td><td>-</td><td style="color: red;">Spyware.DollarRevenue</td</tr><tr><td>Rising</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Sophos</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Sunbelt</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Symantec</td><td>-</td><td>-</td><td>-</td</tr><tr><td>TheHacker</td><td>-</td><td>-</td><td>-</td</tr><tr><td>VBA32</td><td>-</td><td>-</td><td>-</td</tr><tr><td>VirusBuster</td><td>-</td><td>-</td><td>-</td</tr><tr><td>Webwasher-Gateway</td><td>-</td><td>-</td><td>-</td</tr><tr><td colspan="4"> </td></tr><tr><td colspan="4">Information additionnelle</td></tr><tr><td colspan="4">MD5: 227c864bf7487f2103a56ad379fa96fa</td></tr><tr><td colspan="4">SHA1: 7adc95130939b7e9a8ad4469dc325bc6d8dcbb2e</td></tr><tr><td colspan="4">SHA256: a1b669e050841a8530aa4cd9f93bc7004e472cff7e7080e88438ecf63f4097a9</td></tr><tr><td colspan="4">SHA512: 9102d7cfa617cf87eaed0ea61e0de704b211983408a1e695ea2c037983a8d1d7770f5fa21d83d585d8729a0feb7a4bc6f5b89be23b1a7528df02231e7af6ac94</td></tr></table>
Antivirus;Version;Dernière mise à jour;Résultat
AhnLab-V3;-;-;-
AntiVir;-;-;-
Authentium;-;-;-
Avast;-;-;-
AVG;-;-;-
BitDefender;-;-;-
CAT-QuickHeal;-;-;-
ClamAV;-;-;-
DrWeb;-;-;-
eSafe;-;-;-
eTrust-Vet;-;-;-
Ewido;-;-;-
F-Prot;-;-;-
F-Secure;-;-;-
FileAdvisor;-;-;-
Fortinet;-;-;-
Ikarus;-;-;-
Kaspersky;-;-;-
McAfee;-;-;-
Microsoft;-;-;-
NOD32v2;-;-;-
Norman;-;-;-
Panda;-;-;-
Prevx1;-;-;Spyware.DollarRevenue
Rising;-;-;-
Sophos;-;-;-
Sunbelt;-;-;-
Symantec;-;-;-
TheHacker;-;-;-
VBA32;-;-;-
VirusBuster;-;-;-
Webwasher-Gateway;-;-;-

Information additionnelle
MD5: 227c864bf7487f2103a56ad379fa96fa
SHA1: 7adc95130939b7e9a8ad4469dc325bc6d8dcbb2e
SHA256: a1b669e050841a8530aa4cd9f93bc7004e472cff7e7080e88438ecf63f4097a9
SHA512: 9102d7cfa617cf87eaed0ea61e0de704b211983408a1e695ea2c037983a8d1d7770f5fa21d83d585d8729a0feb7a4bc6f5b89be23b1a7528df02231e7af6ac94

Fichier crccheck.vbs reçu le 2008.11.14 21:08:10 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.14.3 2008.11.14 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.14 -
Avast 4.8.1281.0 2008.11.14 -
AVG 8.0.0.199 2008.11.14 -
BitDefender 7.2 2008.11.14 -
CAT-QuickHeal 10.00 2008.11.13 -
ClamAV 0.94.1 2008.11.14 -
DrWeb 4.44.0.09170 2008.11.14 -
eSafe 7.0.17.0 2008.11.13 -
eTrust-Vet 31.6.6208 2008.11.13 -
Ewido 4.0 2008.11.14 -
F-Prot 4.4.4.56 2008.11.14 -
F-Secure 8.0.14332.0 2008.11.14 -
Fortinet 3.117.0.0 2008.11.14 -
GData 19 2008.11.14 -
Ikarus T3.1.1.45.0 2008.11.14 -
K7AntiVirus 7.10.525 2008.11.14 -
Kaspersky 7.0.0.125 2008.11.14 -
McAfee 5434 2008.11.14 -
Microsoft 1.4104 2008.11.14 -
NOD32 3614 2008.11.14 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.14 Suspicious file
PCTools 4.4.2.0 2008.11.14 -
Prevx1 V2 2008.11.14 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.14 -
Sophos 4.35.0 2008.11.14 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.14 -
TheHacker 6.3.1.1.152 2008.11.13 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.14 -
ViRobot 2008.11.14.1468 2008.11.14 -
VirusBuster 4.5.11.0 2008.11.14 -

Information additionnelle
File size: 5036 bytes
MD5...: 9615c61432c11acb0128c565c757fc17
SHA1..: 95395b5fd37610cd556e7f2797d02be1bef543fa
SHA256: 0ca53157f8032be23ad66e5ca0ff8eacc112426688ca8e9a84e9be537302be43
SHA512: cba60f7209be1bc9ac557e11f44dbaa611142fc777e4f6e8a272efaa85d5674f<BR>80052f9c493f9eebca6b6c43355fc159ae98e0cb93e8cc620eda306fe2f1008a
PEiD..: -
TrID..: File type identification<BR>Unknown!
PEInfo: -

une precission je n'ai rien coché ni decoché dans option dossier, tout etait deja fait cela est il normal?

bonjour,

ci-joint le rapport

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
K:\crccheck.vbs moved successfully.
K:\ClickMe.exe moved successfully.
========== COMMANDS ==========
Explorer started successfully
File delete failed. D:\DOCUME~1\GRARDE~1.SN1\LOCALS~1\Temp\~ROMFN_00000DD4 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_740.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_BTgRaD7AeBhDj5Y scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_065324

Files moved on Reboot...
File D:\DOCUME~1\GRARDE~1.SN1\LOCALS~1\Temp\~ROMFN_00000DD4 not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_4a0.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_740.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_f0.dat moved successfully.
File C:\WINDOWS\temp\sqlite_BTgRaD7AeBhDj5Y not found!

je ne sais quelle virus ou autre et dans mon ordi et a quel endroit!!!!
il est toujours là
l'ordi redemarre toujours avec la commande arret
pas faute de vote part de ne pas chercher !!!
avez vous deja eu un probleme aussi dur a regler?
je joint le rapport

je garde espoir avec votre aide nous aurons a un moment donné gain de causse de ce probleme

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:04, on 15/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\UAService7.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mouse Driver\StartAutorun.exe
C:\Program Files\Mouse Driver\KMConfig.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\program files\orange\media player\Media Player.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\JMAPP3.exe
C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\PowerSave.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
D:\Documents and Settings\GRARDEL.SN117655920314\Bureau\09-11-2008\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [MediaDICO9Il] C:\Program Files\Micro Application\9 Dictionnaires Illustrés\LanceMediaDICO9Il.exe Lancement
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Packard Bell Software Suite] C:\Program Files\Packard Bell\Packard Bell Software Suite\Launcher.exe /run
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] c:\program files\orange\media player\Media Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NeroScoutOptions.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9117AA14-86C5-470E-8D38-60BFAF784434}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Packard Bell Software Suite Service 1 (Service1) - Packard Bell Services - C:\Program Files\Packard Bell\Packard Bell Software Suite\PowerSave\HDPBSSS.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

aucun changement

j'ai nero7 qui est installé

si vous pouvez trouver le fichier crack de nero car je ne sais lequel supprimer

merci

la desinstalation dois etre faite par le panneau de configuration ?
y a t il une commande par connaitre les dates d'intallation afin de desintallé les derniers

a bientot de vous lire, merci de votre patience et prise en charge.

j'ai fais l'inventaire de mes installations logiciel et materiel.
j'ai supprimé tout les logiciel sans resultat pour enfin pensé a la souris sans fil que j'ai connecté sur mon ordi.
je l'ai enlevé et remplacé par une souris classique et mon ordi ne redemarre plus.
une histoire de fou!!!!!

maintenant pourquoi la souris fait redemarrer l'ordi ?
elle est de marque SANGHA modele M-7112G

je vous souhaite une bonne soirée a bientot de vous lire