Pc infecté !!! help svp !
noknok01
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour tout le monde,
j'ai un problème avec mon pc (qui s'en doutait... :D) il y a quelques jours alors qu'une copine branchait sa clé usb sur mon pc, avast m'a alerté qu'une sale bestiole, un trojan je crois, avait migré vers mon pc..."oliga" je crois...depuis mon pc rame terriblement....
quelqu'un pourrait-il me dire comment virer cette %µ*^£§!! svp ?
à++ ;)
j'ai un problème avec mon pc (qui s'en doutait... :D) il y a quelques jours alors qu'une copine branchait sa clé usb sur mon pc, avast m'a alerté qu'une sale bestiole, un trojan je crois, avait migré vers mon pc..."oliga" je crois...depuis mon pc rame terriblement....
quelqu'un pourrait-il me dire comment virer cette %µ*^£§!! svp ?
à++ ;)
A voir également:
- Pc infecté !!! help svp !
- Reinitialiser pc - Guide
- Test performance pc - Guide
- Pc lent - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Forcer demarrage pc - Guide
4 réponses
bonsoir,
Commence par poster un rapport HijackThis stp,
>Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
- Lance le programme, puis sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoie, par copier/coller, ton log Hijackthis sur le forum,
A+
Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Commence par poster un rapport HijackThis stp,
>Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
- Lance le programme, puis sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoie, par copier/coller, ton log Hijackthis sur le forum,
A+
Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
salut archet9,
voilàle rapport du scan que tu m'as demandé
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:06, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - C:\WINDOWS\system32\rqRKARjK.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {747D7961-AC00-4610-AA58-14ADCBB937E1} - C:\WINDOWS\system32\cbXRHwvU.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - C:\WINDOWS\system32\byXPIxvt.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\urqoligH.dll (file missing)
O2 - BHO: (no name) - {C8B167F1-7C8E-4666-AE69-7211828DC1F2} - C:\WINDOWS\system32\ddcArqOF.dll (file missing)
O2 - BHO: (no name) - {FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - C:\WINDOWS\system32\cbXRJAtu.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD4548] cmd /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1315] command /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8374] cmd /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7773] command /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5340] cmd /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1693] command /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - .DEFAULT Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01e870d5df3f4bd8a818f90159ad7229
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01e870d5df3f4bd8a818f90159ad7229
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: urqoligH - urqoligH.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
voilàle rapport du scan que tu m'as demandé
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:06, on 11/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - C:\WINDOWS\system32\rqRKARjK.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {747D7961-AC00-4610-AA58-14ADCBB937E1} - C:\WINDOWS\system32\cbXRHwvU.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - C:\WINDOWS\system32\byXPIxvt.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\urqoligH.dll (file missing)
O2 - BHO: (no name) - {C8B167F1-7C8E-4666-AE69-7211828DC1F2} - C:\WINDOWS\system32\ddcArqOF.dll (file missing)
O2 - BHO: (no name) - {FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - C:\WINDOWS\system32\cbXRJAtu.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD4548] cmd /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1315] command /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8374] cmd /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7773] command /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5340] cmd /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1693] command /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - .DEFAULT Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01e870d5df3f4bd8a818f90159ad7229
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01e870d5df3f4bd8a818f90159ad7229
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: urqoligH - urqoligH.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
infection vundo....
fait ceci:
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ important
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
fait ceci:
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ important
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
ComboFix 08-11-11.01 - Administrateur 2008-11-12 17:56:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1289 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\BM5f583621.txt
c:\windows\BM5f583621.xml
c:\windows\IE4 Error Log.txt
c:\windows\system32\aqrrwuvs.ini
c:\windows\system32\aqrrwuvs.ini2
c:\windows\system32\aqrrwuvs.tmp
c:\windows\system32\byyhcxhj.ini
c:\windows\system32\CID
c:\windows\system32\FOqrAcdd.ini
c:\windows\system32\FOqrAcdd.ini2
c:\windows\system32\intufuyb.ini
c:\windows\system32\KjRAKRqr.ini
c:\windows\system32\KjRAKRqr.ini2
c:\windows\system32\lsprst7.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mmwkunqe.ini
c:\windows\system32\mpmwfhhl.ini
c:\windows\system32\mqvekvgx.ini
c:\windows\system32\pvltpbpt.ini
c:\windows\system32\ssprs.dll
c:\windows\system32\SvcNm
c:\windows\system32\tvxIPXyb.ini
c:\windows\system32\tvxIPXyb.ini2
c:\windows\system32\ugawugpu.ini
c:\windows\system32\url1
c:\windows\system32\url2
c:\windows\system32\url3
c:\windows\system32\utAJRXbc.ini
c:\windows\system32\utAJRXbc.ini2
c:\windows\system32\UvwHRXbc.ini
c:\windows\system32\UvwHRXbc.ini2
c:\windows\system32\vxmfnlaa.ini
c:\windows\system32\wscmp.dll.tmp
c:\windows\system32\wypyqlfo.ini
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTLOAD
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.
2008-11-10 03:11 . 2008-11-10 03:11 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-10 03:11 . 2008-11-10 03:11 1,409 --a------ c:\windows\QTFont.for
2008-11-05 01:44 . 2008-11-07 02:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-10-25 09:31 . 2008-10-25 11:27 <REP> d-------- C:\GTA San Andreas User Files
2008-10-15 14:25 . 2008-10-15 14:25 <REP> d-------- c:\program files\Rockstar Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 23:43 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2008-10-12 22:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\gtk-2.0
2008-10-10 14:04 --------- d-----w c:\program files\Xilisoft
2008-10-10 14:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\Xilisoft Corporation
2008-10-05 23:06 --------- d-----w c:\program files\Activision
2008-10-05 09:25 --------- d-----w c:\program files\Veoh Networks
2008-10-04 20:03 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-04 16:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
2008-10-04 16:08 --------- d-----w c:\program files\VideoLAN
2008-10-01 13:37 --------- d-----w c:\program files\Fichiers communs\Macromedia
2008-10-01 13:36 --------- d-----w c:\program files\Macromedia
2008-09-28 03:54 --------- d-----w c:\program files\uTorrent
2008-09-26 21:24 --------- d-----w c:\program files\ArKaos VJ 3.6.1 FC2
2008-09-26 10:21 --------- d-----w c:\program files\Stardock
2008-09-23 05:40 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-23 05:36 --------- d--h--r c:\documents and settings\Administrateur\Application Data\SecuROM
2007-11-25 09:44 24,640 -c--a-w c:\program files\Fichiers communs\security
.
------- Sigcheck -------
2005-07-21 13:18 578048 0df75fb73f705b011630159a43d7c354 c:\windows\system32\user32.dll
2005-07-18 19:14 359936 3c6e2f1f8ba768d1a5b033fb9429f242 c:\windows\system32\drivers\tcpip.sys
2005-07-23 13:37 2017280 50b3a210b6fa8d3089a36a32e7d8b21f c:\windows\system32\ntkrnlpa.exe
2005-07-21 13:18 2137600 e75f7aa5a33479f29c636fd0890f5762 c:\windows\system32\ntoskrnl.exe
2005-07-21 13:18 1036288 0bee3b07ace3303ee57698808e1d2de3 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"WindowFX"="c:\program files\Stardock\Object Desktop\WindowFX\\wfxload.exe" [2006-08-02 820912]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4548"="del" [X]
"SpybotDeletingB1315"="command" [X]
"SpybotDeletingD8374"="del" [X]
"SpybotDeletingB7773"="command" [X]
"SpybotDeletingD5340"="del" [X]
"SpybotDeletingB1693"="command" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-20 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-03-14 2756608]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Image-Line\\FL Studio 7\\FL.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 MA_CMIDI;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2007-12-18 360448]
R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2007-12-18 18944]
R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2007-12-18 33792]
S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2005-10-19 22432]
S3 BCR2000;B-Control Rotary/Fader 2000 (08/04/2004,1.1.1.0);c:\windows\system32\drivers\bcr2000.sys [2004-08-13 21024]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c367aca-aa1b-11dd-a35e-001bb9beaf4e}]
\Shell\AutoRun\command - L:\u9dyi.exe
\Shell\explore\Command - L:\u9dyi.exe
\Shell\open\Command - L:\u9dyi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea285d52-f28f-11dc-a2da-001bb9beaf4e}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea285d53-f28f-11dc-a2da-001bb9beaf4e}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
.
Contenu du dossier 'Tâches planifiées'
2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-11-12 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - c:\windows\system32\rqRKARjK.dll
BHO-{747D7961-AC00-4610-AA58-14ADCBB937E1} - c:\windows\system32\cbXRHwvU.dll
BHO-{9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - c:\windows\system32\byXPIxvt.dll
BHO-{BDD714BC-D36C-487B-8142-8BA020FB6535} - (no file)
BHO-{C8B167F1-7C8E-4666-AE69-7211828DC1F2} - c:\windows\system32\ddcArqOF.dll
BHO-{FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - c:\windows\system32\cbXRJAtu.dll
HKLM-Run-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
HKLM-Run-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe
HKU-Default-RunOnce-XPPro4.0 - c:\windows\REG\run.cmd
Notify-urqoligH - urqoligH.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\3fx8vg5j.default\
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 18:00:27
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Stardock\Object Desktop\WindowFX\wfxload.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-11-12 18:02:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-12 17:02:12
Avant-CF: 47 162 191 872 octets libres
Après-CF: 48,896,479,232 octets libres
235
voilà le rapport !
sacrebleu c'que j'ai eu la pétoche pendant que ce truc tournait...je dois préciser quelques trucs ::: au redémarrage combo fix s'ouvre de suite et demande à ce qu'aucune appli ne soit lancée,or j'ai 2 logiciels qui démarrent automatiquement, dont spybot qui me demande si j'autorise une modif ( valeur supprimée = alcmtr.exe) dois je autoriser ou refuser ? autre petit point l'icone d'avast n'apparait plus dans la barre de taches à coté de l'heure malgré plusieurs tentatives de réactivation (dans "thèmes") cela veut il dire qu' avast tourne pas comme il faut ou ça n'a aucune importance??
un grand merci pour ton aide, et j'espère pas trop abuser de ton temps et de ta patience....
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1289 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\BM5f583621.txt
c:\windows\BM5f583621.xml
c:\windows\IE4 Error Log.txt
c:\windows\system32\aqrrwuvs.ini
c:\windows\system32\aqrrwuvs.ini2
c:\windows\system32\aqrrwuvs.tmp
c:\windows\system32\byyhcxhj.ini
c:\windows\system32\CID
c:\windows\system32\FOqrAcdd.ini
c:\windows\system32\FOqrAcdd.ini2
c:\windows\system32\intufuyb.ini
c:\windows\system32\KjRAKRqr.ini
c:\windows\system32\KjRAKRqr.ini2
c:\windows\system32\lsprst7.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mmwkunqe.ini
c:\windows\system32\mpmwfhhl.ini
c:\windows\system32\mqvekvgx.ini
c:\windows\system32\pvltpbpt.ini
c:\windows\system32\ssprs.dll
c:\windows\system32\SvcNm
c:\windows\system32\tvxIPXyb.ini
c:\windows\system32\tvxIPXyb.ini2
c:\windows\system32\ugawugpu.ini
c:\windows\system32\url1
c:\windows\system32\url2
c:\windows\system32\url3
c:\windows\system32\utAJRXbc.ini
c:\windows\system32\utAJRXbc.ini2
c:\windows\system32\UvwHRXbc.ini
c:\windows\system32\UvwHRXbc.ini2
c:\windows\system32\vxmfnlaa.ini
c:\windows\system32\wscmp.dll.tmp
c:\windows\system32\wypyqlfo.ini
c:\windows\Temp\scsE.tmp
c:\windows\Temp\scsF.tmp
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NTLOAD
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
.
2008-11-10 03:11 . 2008-11-10 03:11 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-10 03:11 . 2008-11-10 03:11 1,409 --a------ c:\windows\QTFont.for
2008-11-05 01:44 . 2008-11-07 02:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
2008-10-25 09:31 . 2008-10-25 11:27 <REP> d-------- C:\GTA San Andreas User Files
2008-10-15 14:25 . 2008-10-15 14:25 <REP> d-------- c:\program files\Rockstar Games
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 23:43 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2008-10-12 22:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\gtk-2.0
2008-10-10 14:04 --------- d-----w c:\program files\Xilisoft
2008-10-10 14:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\Xilisoft Corporation
2008-10-05 23:06 --------- d-----w c:\program files\Activision
2008-10-05 09:25 --------- d-----w c:\program files\Veoh Networks
2008-10-04 20:03 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-04 16:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
2008-10-04 16:08 --------- d-----w c:\program files\VideoLAN
2008-10-01 13:37 --------- d-----w c:\program files\Fichiers communs\Macromedia
2008-10-01 13:36 --------- d-----w c:\program files\Macromedia
2008-09-28 03:54 --------- d-----w c:\program files\uTorrent
2008-09-26 21:24 --------- d-----w c:\program files\ArKaos VJ 3.6.1 FC2
2008-09-26 10:21 --------- d-----w c:\program files\Stardock
2008-09-23 05:40 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-23 05:36 --------- d--h--r c:\documents and settings\Administrateur\Application Data\SecuROM
2007-11-25 09:44 24,640 -c--a-w c:\program files\Fichiers communs\security
.
------- Sigcheck -------
2005-07-21 13:18 578048 0df75fb73f705b011630159a43d7c354 c:\windows\system32\user32.dll
2005-07-18 19:14 359936 3c6e2f1f8ba768d1a5b033fb9429f242 c:\windows\system32\drivers\tcpip.sys
2005-07-23 13:37 2017280 50b3a210b6fa8d3089a36a32e7d8b21f c:\windows\system32\ntkrnlpa.exe
2005-07-21 13:18 2137600 e75f7aa5a33479f29c636fd0890f5762 c:\windows\system32\ntoskrnl.exe
2005-07-21 13:18 1036288 0bee3b07ace3303ee57698808e1d2de3 c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"WindowFX"="c:\program files\Stardock\Object Desktop\WindowFX\\wfxload.exe" [2006-08-02 820912]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD4548"="del" [X]
"SpybotDeletingB1315"="command" [X]
"SpybotDeletingD8374"="del" [X]
"SpybotDeletingB7773"="command" [X]
"SpybotDeletingD5340"="del" [X]
"SpybotDeletingB1693"="command" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-20 185632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-03-14 2756608]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Image-Line\\FL Studio 7\\FL.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 MA_CMIDI;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2007-12-18 360448]
R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2007-12-18 18944]
R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2007-12-18 33792]
S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2005-10-19 22432]
S3 BCR2000;B-Control Rotary/Fader 2000 (08/04/2004,1.1.1.0);c:\windows\system32\drivers\bcr2000.sys [2004-08-13 21024]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c367aca-aa1b-11dd-a35e-001bb9beaf4e}]
\Shell\AutoRun\command - L:\u9dyi.exe
\Shell\explore\Command - L:\u9dyi.exe
\Shell\open\Command - L:\u9dyi.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea285d52-f28f-11dc-a2da-001bb9beaf4e}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea285d53-f28f-11dc-a2da-001bb9beaf4e}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
.
Contenu du dossier 'Tâches planifiées'
2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-11-12 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - c:\windows\system32\rqRKARjK.dll
BHO-{747D7961-AC00-4610-AA58-14ADCBB937E1} - c:\windows\system32\cbXRHwvU.dll
BHO-{9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - c:\windows\system32\byXPIxvt.dll
BHO-{BDD714BC-D36C-487B-8142-8BA020FB6535} - (no file)
BHO-{C8B167F1-7C8E-4666-AE69-7211828DC1F2} - c:\windows\system32\ddcArqOF.dll
BHO-{FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - c:\windows\system32\cbXRJAtu.dll
HKLM-Run-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
HKLM-Run-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe
HKU-Default-RunOnce-XPPro4.0 - c:\windows\REG\run.cmd
Notify-urqoligH - urqoligH.dll
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\3fx8vg5j.default\
FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-12 18:00:27
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Stardock\Object Desktop\WindowFX\wfxload.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-11-12 18:02:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-12 17:02:12
Avant-CF: 47 162 191 872 octets libres
Après-CF: 48,896,479,232 octets libres
235
voilà le rapport !
sacrebleu c'que j'ai eu la pétoche pendant que ce truc tournait...je dois préciser quelques trucs ::: au redémarrage combo fix s'ouvre de suite et demande à ce qu'aucune appli ne soit lancée,or j'ai 2 logiciels qui démarrent automatiquement, dont spybot qui me demande si j'autorise une modif ( valeur supprimée = alcmtr.exe) dois je autoriser ou refuser ? autre petit point l'icone d'avast n'apparait plus dans la barre de taches à coté de l'heure malgré plusieurs tentatives de réactivation (dans "thèmes") cela veut il dire qu' avast tourne pas comme il faut ou ça n'a aucune importance??
un grand merci pour ton aide, et j'espère pas trop abuser de ton temps et de ta patience....
il faut bien lire les consignes avant d exécuter 1log...
tu n avais pas fait ceci:
--/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
pour avast on verra + tard
pous spybot: desactive le tea timer:
http://img81.imageshack.us/img81/7585/spybotrsident2ke.jpg
colle 1 nouveau scan hijack stp...
a+
Antonio Giacomo Stradivari, souvent appelé Stradivarius (Crémone, 1644 - Crémone, 18 décembre 1737
Le Soil (1714), considéré par beaucoup comme le meilleur instrument du monde.
peu de temps avant sa mort il cherchait encore...
tu n avais pas fait ceci:
--/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
pour avast on verra + tard
pous spybot: desactive le tea timer:
http://img81.imageshack.us/img81/7585/spybotrsident2ke.jpg
colle 1 nouveau scan hijack stp...
a+
Antonio Giacomo Stradivari, souvent appelé Stradivarius (Crémone, 1644 - Crémone, 18 décembre 1737
Le Soil (1714), considéré par beaucoup comme le meilleur instrument du monde.
peu de temps avant sa mort il cherchait encore...
voilà le nouveau hijackthis ::
et
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:33, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {747D7961-AC00-4610-AA58-14ADCBB937E1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - (no file)
O2 - BHO: (no name) - {C8B167F1-7C8E-4666-AE69-7211828DC1F2} - (no file)
O2 - BHO: (no name) - {FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD4548] cmd /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1315] command /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8374] cmd /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7773] command /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5340] cmd /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1693] command /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - S-1-5-18 Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'Default user')
O4 - Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01e870d5df3f4bd8a818f90159ad7229
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01e870d5df3f4bd8a818f90159ad7229
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: urqoligH - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
et
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:33, on 12/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Image-Line\FL Studio 7\FL.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {747D7961-AC00-4610-AA58-14ADCBB937E1} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - (no file)
O2 - BHO: (no name) - {C8B167F1-7C8E-4666-AE69-7211828DC1F2} - (no file)
O2 - BHO: (no name) - {FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD4548] cmd /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1315] command /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8374] cmd /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7773] command /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5340] cmd /c del "C:\WINDOWS\system32\jloudeov.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1693] command /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - S-1-5-18 Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'Default user')
O4 - Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01e870d5df3f4bd8a818f90159ad7229
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01e870d5df3f4bd8a818f90159ad7229
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - Winlogon Notify: urqoligH - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe