Sujet Précédent Sujet Suivant

WinupGro et Virus

Résolu/Fermé
X_Cyr - 12 déc. 2008 à 12:43
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 8 janv. 2009 à 23:34
Bonjour,
J'ai chopé plusieurs virus :
- Backdoor.Graybird
- Dialer.stardial
- Adware.Begin2search
- Adware.ZenoSearch

Et un Bagle :
WinUpGro

Je sais que j'ai d'autres trojan mais je ne me souviens plus.

Le problème est que Norton a été bloqué et ne veut plus démarrer. J'ai lancé un "FindyKill" et un "CCleaner". Maintenant je me demande s'il reste des virus et comment je peux redémarrer Norton ? Si je dois le réinstaller il faut que mon Pc soit clean.
Merci par avance.

16 réponses

Réponse 1 / 16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 déc. 2008 à 13:33
slt,


vire tes cracks

puis

Télécharge Combofix de sUBs : aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t12­1.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
_________________



colle un rapport hijackthis
https://www.01net.com/404/


manuel :

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.ht(...)


Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 2 / 16
X_Cyr
12 déc. 2008 à 13:34
Hum... En attendant j'ai fais un Malwarebytes' Anti-Malware
J'ai eu ce rapport :
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2db32fc3-67e2-5e28-6d4d-43001fcb7d5c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2db32fc3-67e2-5e28-6d4d-43001fcb7d5c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5d9ee94-e42b-f5d1-66fe-9b1b2f0d9e6b} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5d9ee94-e42b-f5d1-66fe-9b1b2f0d9e6b} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pwvrbksfnwmuew (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www2.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Not selected for removal.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wzhlskmfnllzmv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\szfjmbqaughth.dll (Adware.BHO) -> Delete on reboot.
Mais que puis-je faire encore ?
0
Réponse 3 / 16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 déc. 2008 à 13:36
tu redémarre l'ordi pour finir la désinfection de malwarebyte et tu vire ce qui a été mis en quarantaine

puis tu fais le message précédent
0
X_Cyr
12 déc. 2008 à 14:03
Bjr jlpjlp,

Voici le rapport de comboFix. Je lance HijackThis apres.

Lancé depuis: c:\documents and settings\Cyrille\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-12 au 2008-12-12 ))))))))))))))))))))))))))))))))))))
.

2008-12-12 13:00 . 2008-12-12 13:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-12 13:00 . 2008-12-12 13:00 <REP> d-------- c:\documents and settings\Cyrille\Application Data\Malwarebytes
2008-12-12 13:00 . 2008-12-12 13:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-12 13:00 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 13:00 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-12 12:28 . 2008-12-12 12:28 <REP> d-------- c:\program files\Trend Micro
2008-12-12 12:01 . 2008-12-12 12:01 <REP> d--h----- c:\documents and settings\Cyrille\Application Data\drivers
2008-12-12 11:54 . 2008-12-12 11:54 <REP> d-------- c:\program files\CCleaner
2008-12-12 10:51 . 2008-12-12 10:55 <REP> d-------- c:\program files\Windows Live Safety Center
2008-12-12 10:33 . 2008-12-12 11:34 <REP> d-------- c:\program files\FindyKill
2008-12-12 09:28 . 2008-12-12 09:28 <REP> d-------- c:\documents and settings\NetworkService\Application Data\X10 Commander
2008-12-12 09:27 . 2008-12-12 11:35 468,490 --a------ c:\windows\system32\perfh040.dat
2008-12-12 09:27 . 2008-12-12 11:35 75,506 --a------ c:\windows\system32\perfc040.dat
2008-12-11 18:17 . 2008-12-11 18:17 <REP> d--h----- c:\documents and settings\All Users\Application Data\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
2008-12-05 23:02 . 2008-12-05 23:40 <REP> d-------- c:\documents and settings\Cyrille\Application Data\Skype
2008-12-05 23:01 . 2008-12-05 23:01 <REP> d-------- c:\program files\Skype
2008-12-05 23:01 . 2008-12-05 23:01 <REP> d-------- c:\program files\Fichiers communs\Skype
2008-12-04 11:08 . 2008-12-04 11:08 30 --a------ c:\windows\Iedit.INI
2008-11-29 22:01 . 2008-11-29 22:30 <REP> d-------- c:\program files\uTorrent
2008-11-29 22:01 . 2008-12-05 23:48 <REP> d-------- c:\documents and settings\Cyrille\Application Data\uTorrent
2008-11-29 19:18 . 2008-11-29 19:18 268 --ah----- C:\sqmdata12.sqm
2008-11-29 19:18 . 2008-11-29 19:18 244 --ah----- C:\sqmnoopt12.sqm
2008-11-23 17:02 . 2008-11-23 17:06 <REP> d-------- c:\program files\ConTEXT
2008-11-23 16:35 . 2008-11-23 16:35 <REP> d-------- C:\xampp
2008-11-20 21:44 . 2008-11-20 21:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-19 19:23 . 2006-09-20 16:58 40,960 --a------ c:\windows\system32\psfind.dll
2008-11-18 22:43 . 2008-12-02 14:22 <REP> d-------- c:\documents and settings\Cyrille\Application Data\dvdcss
2008-11-17 16:59 . 2008-11-17 17:07 <REP> d-------- c:\program files\Celtx
2008-11-15 15:45 . 2008-11-15 15:45 268 --ah----- C:\sqmdata11.sqm
2008-11-15 15:45 . 2008-11-15 15:45 244 --ah----- C:\sqmnoopt11.sqm
2008-11-13 10:42 . 2008-11-13 10:43 <REP> d-------- c:\documents and settings\Cyrille\Application Data\vlc
2008-11-13 10:40 . 2008-11-13 10:40 <REP> d-------- c:\program files\VideoLAN
2008-11-13 10:15 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 10:15 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 20:14 --------- d-----w c:\program files\eMule
2008-12-11 17:18 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2008-12-11 17:17 --------- d-----w c:\program files\Iminent
2008-12-10 14:13 --------- d-----w c:\documents and settings\Cyrille\Application Data\HPAppData
2008-12-10 10:22 --------- d-----w c:\program files\CVitae
2008-12-09 13:39 47,586 ----a-w c:\windows\system32\vyerrgqjrbgvvcn.exe
2008-12-09 09:58 --------- d-----w c:\documents and settings\Cyrille\Application Data\Aim Style Heart
2008-12-09 04:21 68,513 ----a-w c:\windows\system32\szfjmbqaughth.dll-uninst.exe
2008-12-05 22:03 --------- d-----w c:\documents and settings\Cyrille\Application Data\skypePM
2008-12-05 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-01 08:38 --------- d-----w c:\program files\Norton Internet Security
2008-12-01 08:32 --------- d-s---w c:\program files\Xfire
2008-11-30 15:54 --------- d-----w c:\documents and settings\Cyrille\Application Data\Xfire
2008-11-27 08:07 --------- d-----w c:\program files\Google
2008-11-19 18:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 18:19 --------- d-----w c:\program files\THQ
2008-10-26 09:57 --------- d-----w c:\documents and settings\Cyrille\Application Data\Wallpaper
2008-10-26 09:30 --------- d-----w c:\program files\Wallpaper
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 00:48 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
0
Réponse 4 / 16
X_Cyr
12 déc. 2008 à 14:08
Et... Voici la suite : pour Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:14, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\Iminent\imbooster.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Zapu\Zapu\wDivi.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: torrent_search Toolbar - {f14b0ccd-aa41-4406-ab68-c5de9d85b4a3} - C:\Program Files\torrent_search\tbtorr.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\Software\..\Telephony: DomainName = skyson
O17 - HKLM\System\CCS\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D4FA0B-9A0F-4183-BA5B-014247BB8022}: NameServer = 212.30.96.108,212.30.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5A431E-F610-4702-8195-53213055EABB}: NameServer = 212.30.96.108,212.30.124.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS1\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS2\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS3\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\xampp\apache\bin\apache.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
X_Cyr
12 déc. 2008 à 18:07
Et pour Norton, quelqu'un peut-il me dire comment faire svp ?
En faite, quand je clic dessus j'ai ce message :
"C:\Program Files\Fichiers communs\Symantec Shared\Nmain.exe n'est pas une application Win32 valide."

C'est du à un virus ou un truc comme ca ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 déc. 2008 à 21:08
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)

:files
c:\windows\system32\vyerrgqjrbgvvcn.exe
c:\documents and settings\Cyrille\Application Data\Aim Style Heart
c:\windows\system32\szfjmbqaughth.dll-uninst.exe




clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.




__________________

tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

__________________



Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.




_________________






rq:

pour norton il va falloir le virer par la suite et le remettre comme ceci:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
0
X_Cyr
12 déc. 2008 à 21:18
Otmovedfiles :

========== FILES ==========
c:\windows\system32\vyerrgqjrbgvvcn.exe moved successfully.
c:\documents and settings\Cyrille\Application Data\Aim Style Heart moved successfully.
c:\windows\system32\szfjmbqaughth.dll-uninst.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12122008_211625
0
Réponse 6 / 16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 déc. 2008 à 21:21
ok fais le reste
0
X_Cyr
12 déc. 2008 à 21:38
Voici :


--------- Logfile of AD-Remover 1.0.7.5 by C_XX ---------

# START at: 21:33:27 | Ven 12/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: MSE

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: cyrillehome | USER: Cyrille ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 10 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| Messenger Skinner Elements found :

.

+-----------------------| Sweetim Elements found :

"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC"
"HKEY_CLASSES_ROOT\Installer\Features\428C9AFC877ABE7409DCBBD48BC23F84"
"HKEY_CLASSES_ROOT\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5D72AF385B5242D47B69FD47F2805AFC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5D72AF385B5242D47B69FD47F2805AFC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\428C9AFC877ABE7409DCBBD48BC23F84"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[26/08/2008 19:26|d--------] C:\Program Files\SweetIM
[26/08/2008 19:26|--a------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\searchplugins\sweetim.xml
[26/08/2008 19:26|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[27/08/2008 17:32|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\SweetIMToolbarData
[26/08/2008 19:26|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM

+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\n9e00o1n.default\prefs.js :

~~~~ Mozilla FireFox version 2.0.0.18 ~~~~

Start Page : "https://www.google.fr/?gws_rd=ssl"

+----------+

FOUND - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{C1A8DAC6-98BE-4301-BCD5-29354E23E244}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.3");

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
updateMgr REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
Wallpaper REG_SZ "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
IMBooster REG_SZ C:\Program Files\Iminent\imbooster.exe /warmup

+--[HKEY_LOCAL_MACHINE\..\Run]

NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
ccApp REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
nwiz REG_SZ nwiz.exe /install
hpqSRMon REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec PIF AlertEng REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://google.fr/

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://home.sweetim.com

+---------------------------------------------------------------------------+

- "C:\AD-report-12.12.2008.log" (14531 octets)

[ END at: 21:33:39 | 12/12/2008 ] - [ Time elapsed: 11.5 seconds ]

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 163 lines ]
+---------------------------------------------------------------------------+
0
Réponse 7 / 16
X_Cyr
12 déc. 2008 à 21:23
La suite


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Cyrille ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2006 2006 (Activated)
Firewall : Norton Internet Security 2006 2006 (Activated)
C:\ (Local Disk) - NTFS - Total:290 Go (Free:90 Go)
D:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 12/12/2008|21:20 )

--------------------\\ Listing des dossiers dans APPLIC~1

[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[10/12/2006|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[11/12/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
[29/06/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/08/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\albumphoto
[29/01/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[11/08/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[25/05/2007|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[31/08/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[16/01/2008|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[13/08/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[13/08/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[13/08/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[13/08/2008|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[28/08/2008|06:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
[06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[12/12/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[20/08/2008|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/08/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[04/09/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[29/06/2008|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[05/12/2008|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[26/08/2008|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[06/10/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[13/08/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[24/07/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/06/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[18/02/2007|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings
[25/07/2008|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[08/08/2008|13:15] C:\DOCUME~1\Cyrille\APPLIC~1\Adobe
[29/06/2008|14:50] C:\DOCUME~1\Cyrille\APPLIC~1\AdobeUM
[30/03/2007|17:05] C:\DOCUME~1\Cyrille\APPLIC~1\Ahead
[25/05/2007|21:38] C:\DOCUME~1\Cyrille\APPLIC~1\CyberLink
[13/05/2008|18:25] C:\DOCUME~1\Cyrille\APPLIC~1\DivX
[02/12/2008|14:22] C:\DOCUME~1\Cyrille\APPLIC~1\dvdcss
[29/06/2008|13:29] C:\DOCUME~1\Cyrille\APPLIC~1\FotoWire
[04/06/2008|15:53] C:\DOCUME~1\Cyrille\APPLIC~1\FUJIFILM
[24/04/2008|13:33] C:\DOCUME~1\Cyrille\APPLIC~1\Greyfirst
[04/09/2007|21:14] C:\DOCUME~1\Cyrille\APPLIC~1\Help
[13/08/2008|19:30] C:\DOCUME~1\Cyrille\APPLIC~1\HP
[10/12/2008|15:13] C:\DOCUME~1\Cyrille\APPLIC~1\HPAppData
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Identities
[26/08/2008|20:32] C:\DOCUME~1\Cyrille\APPLIC~1\Iminent
[04/06/2008|15:49] C:\DOCUME~1\Cyrille\APPLIC~1\InstallShield
[26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Leadertech
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Macromedia
[12/12/2008|13:00] C:\DOCUME~1\Cyrille\APPLIC~1\Malwarebytes
[24/08/2008|16:07] C:\DOCUME~1\Cyrille\APPLIC~1\Microsoft
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Mozilla
[29/06/2008|19:50] C:\DOCUME~1\Cyrille\APPLIC~1\MSNInstaller
[25/03/2007|11:16] C:\DOCUME~1\Cyrille\APPLIC~1\My Games
[26/01/2007|17:27] C:\DOCUME~1\Cyrille\APPLIC~1\OD2
[25/07/2008|09:40] C:\DOCUME~1\Cyrille\APPLIC~1\Real
[05/12/2008|23:40] C:\DOCUME~1\Cyrille\APPLIC~1\Skype
[05/12/2008|23:03] C:\DOCUME~1\Cyrille\APPLIC~1\skypePM
[26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Sonic
[26/03/2007|21:23] C:\DOCUME~1\Cyrille\APPLIC~1\Sun
[31/08/2008|08:18] C:\DOCUME~1\Cyrille\APPLIC~1\Symantec
[27/07/2007|19:56] C:\DOCUME~1\Cyrille\APPLIC~1\Ulead Systems
[05/12/2008|23:48] C:\DOCUME~1\Cyrille\APPLIC~1\uTorrent
[13/11/2008|10:43] C:\DOCUME~1\Cyrille\APPLIC~1\vlc
[26/10/2008|10:57] C:\DOCUME~1\Cyrille\APPLIC~1\Wallpaper
[30/11/2008|16:54] C:\DOCUME~1\Cyrille\APPLIC~1\Xfire
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\You've Got Pictures Screensaver

[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Mozilla
[10/12/2006|14:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[14/05/2008|01:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
[10/12/2006|14:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/12/2006|14:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

[10/12/2006|14:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[12/12/2008|09:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Configurer mon PC.job
[12/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complŠte du systŠme - Cyrille.job
[12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Extension de garantie.job
[12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Master CD_DVD Creator.job
[26/01/2007 17:17][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
[12/12/2008 20:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-rah-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/07/2008|21:51] C:\Program Files\2K Games
[27/06/2007|15:02] C:\Program Files\3DO
[10/12/2006|14:13] C:\Program Files\Adobe
[30/03/2007|18:31] C:\Program Files\Ahead
[28/08/2008|06:12] C:\Program Files\Aim Style Heart
[02/12/2007|14:43] C:\Program Files\ANNO 1503 GOLD
[03/02/2008|17:40] C:\Program Files\Anuman Interactive
[29/01/2008|16:51] C:\Program Files\AOL 9.0
[10/12/2006|14:14] C:\Program Files\AOL Compagnon
[09/09/2007|14:07] C:\Program Files\Aquatic Tycoon
[30/01/2007|10:50] C:\Program Files\Atari
[09/03/2007|11:49] C:\Program Files\Bethesda Softworks
[11/08/2008|12:23] C:\Program Files\BitTorrent Fastest Tool
[19/09/2008|20:22] C:\Program Files\Black Isle
[16/10/2007|18:49] C:\Program Files\Browser Mouse
[24/08/2008|16:27] C:\Program Files\BufferZone
[12/12/2008|11:54] C:\Program Files\CCleaner
[17/11/2008|17:07] C:\Program Files\Celtx
[10/12/2006|14:13] C:\Program Files\Common Files
[10/12/2006|14:13] C:\Program Files\ComPlus Applications
[11/08/2008|12:22] C:\Program Files\Conduit
[23/11/2008|17:06] C:\Program Files\ConTEXT
[10/12/2008|11:22] C:\Program Files\CVitae
[10/12/2006|14:13] C:\Program Files\CyberLink
[16/02/2007|12:43] C:\Program Files\directx
[18/08/2008|19:39] C:\Program Files\DivX
[27/01/2008|15:11] C:\Program Files\Doom 3
[29/10/2007|23:47] C:\Program Files\EasyPHP 2.0b1
[11/12/2008|21:14] C:\Program Files\eMule
[03/09/2007|13:09] C:\Program Files\EPSON
[12/12/2008|13:56] C:\Program Files\Fichiers communs
[12/12/2008|20:26] C:\Program Files\FindyKill
[30/08/2008|23:51] C:\Program Files\FinePixViewerS
[26/01/2007|17:45] C:\Program Files\Firaxis Games
[03/01/2008|19:10] C:\Program Files\FireFly Studios
[12/04/2007|21:14] C:\Program Files\Gabest
[28/02/2008|13:28] C:\Program Files\glGo
[27/11/2008|09:07] C:\Program Files\Google
[12/08/2008|18:28] C:\Program Files\Hercules
[13/08/2008|12:56] C:\Program Files\Hewlett-Packard
[13/08/2008|12:58] C:\Program Files\HP
[17/11/2007|12:00] C:\Program Files\IconColl
[11/12/2008|18:17] C:\Program Files\Iminent
[20/07/2007|13:43] C:\Program Files\Infogrames
[04/11/2007|23:59] C:\Program Files\InstallShield
[19/11/2008|19:19] C:\Program Files\InstallShield Installation Information
[11/12/2008|18:13] C:\Program Files\Internet Explorer
[10/12/2006|14:13] C:\Program Files\Java
[25/06/2007|16:19] C:\Program Files\Jeu petit
[14/03/2008|10:43] C:\Program Files\JoWooD
[15/01/2008|14:04] C:\Program Files\Kyodai
[10/12/2006|14:13] C:\Program Files\Learn2.com
[29/06/2008|13:29] C:\Program Files\Logitech
[12/12/2008|13:11] C:\Program Files\Malwarebytes' Anti-Malware
[18/07/2008|20:20] C:\Program Files\Maxis
[13/08/2008|20:04] C:\Program Files\Messenger
[03/02/2008|17:46] C:\Program Files\Micro Application
[16/02/2007|12:53] C:\Program Files\Microids
[27/06/2007|16:48] C:\Program Files\Microprose
[20/08/2008|19:28] C:\Program Files\Microsoft ActiveSync
[29/06/2008|16:17] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/12/2006|14:13] C:\Program Files\microsoft frontpage
[27/01/2008|08:30] C:\Program Files\Microsoft Games
[20/08/2008|19:27] C:\Program Files\Microsoft Office
[04/11/2007|23:53] C:\Program Files\Microsoft Visual Studio
[30/06/2008|02:02] C:\Program Files\Microsoft Works
[21/05/2007|17:00] C:\Program Files\Microsoft.NET
[01/03/2007|18:56] C:\Program Files\Monte Cristo
[11/08/2008|17:25] C:\Program Files\Movie Maker
[12/12/2008|21:06] C:\Program Files\Mozilla Firefox
[29/06/2008|19:49] C:\Program Files\MSN
[10/12/2006|14:13] C:\Program Files\MSN Gaming Zone
[27/01/2008|08:33] C:\Program Files\MSXML 4.0
[24/08/2008|15:45] C:\Program Files\Multi_Media_France
[11/08/2008|17:23] C:\Program Files\NetMeeting
[01/12/2008|09:38] C:\Program Files\Norton Internet Security
[10/08/2008|13:48] C:\Program Files\NOS
[10/12/2006|14:15] C:\Program Files\Online Services
[11/08/2008|17:23] C:\Program Files\Outlook Express
[06/08/2008|11:38] C:\Program Files\Picasa2
[09/09/2007|14:08] C:\Program Files\Prison Tycoon
[04/11/2007|23:53] C:\Program Files\Publication Web
[10/12/2006|14:15] C:\Program Files\QuickTime
[10/12/2006|14:13] C:\Program Files\Real
[10/12/2006|14:13] C:\Program Files\Realtek
[19/09/2008|20:12] C:\Program Files\Resounding
[21/01/2008|17:10] C:\Program Files\SDLL
[11/08/2008|13:17] C:\Program Files\Secured eMule
[24/08/2008|16:13] C:\Program Files\Secured IE
[11/08/2008|13:18] C:\Program Files\Secured_eMule
[24/08/2008|16:13] C:\Program Files\securedie
[10/12/2006|14:15] C:\Program Files\Services en ligne
[24/08/2008|16:14] C:\Program Files\Share_Accelerator_MM
[27/02/2008|22:28] C:\Program Files\Sierra
[16/07/2007|11:42] C:\Program Files\Sierra On-Line
[05/12/2008|23:01] C:\Program Files\Skype
[16/07/2007|16:29] C:\Program Files\Smart Projects
[10/12/2006|14:13] C:\Program Files\SmartSound Software
[10/12/2006|14:13] C:\Program Files\Sonic
[08/04/2007|09:10] C:\Program Files\Strategy First
[26/08/2008|19:26] C:\Program Files\SweetIM
[19/08/2008|18:01] C:\Program Files\Symantec
[16/07/2007|14:45] C:\Program Files\Team17
[19/11/2008|19:19] C:\Program Files\THQ
[11/08/2008|12:22] C:\Program Files\torrent_search
[12/12/2008|12:28] C:\Program Files\Trend Micro
[23/06/2008|20:03] C:\Program Files\Ubisoft
[10/12/2006|14:13] C:\Program Files\Ulead Systems
[10/12/2006|14:13] C:\Program Files\Uninstall Information
[29/11/2008|22:30] C:\Program Files\uTorrent
[13/11/2008|10:40] C:\Program Files\VideoLAN
[10/12/2006|14:13] C:\Program Files\Viewpoint
[06/10/2008|23:15] C:\Program Files\VirtualDubMOD
[26/10/2008|10:30] C:\Program Files\Wallpaper
[26/03/2007|22:33] C:\Program Files\WinASPI
[29/06/2008|12:53] C:\Program Files\Windows Live
[12/12/2008|10:55] C:\Program Files\Windows Live Safety Center
[10/12/2006|14:13] C:\Program Files\Windows Media Components
[23/07/2008|08:49] C:\Program Files\Windows Media Connect 2
[31/08/2008|00:15] C:\Program Files\Windows Media Player
[11/08/2008|17:23] C:\Program Files\Windows NT
[10/12/2006|14:13] C:\Program Files\Windows Plus
[10/12/2006|14:13] C:\Program Files\WindowsUpdate
[30/03/2007|17:02] C:\Program Files\WinRAR
[13/05/2007|19:48] C:\Program Files\WinZip
[10/12/2006|14:16] C:\Program Files\X10 Hardware
[10/12/2006|14:13] C:\Program Files\xerox
[01/12/2008|09:32] C:\Program Files\Xfire
[24/08/2008|16:14] C:\Program Files\Zapu

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[29/06/2008|14:47] C:\Program Files\Fichiers communs\Adobe
[10/12/2006|14:14] C:\Program Files\Fichiers communs\AOL
[10/12/2006|14:14] C:\Program Files\Fichiers communs\aolshare
[04/11/2007|23:52] C:\Program Files\Fichiers communs\DESIGNER
[29/06/2008|13:29] C:\Program Files\Fichiers communs\FotoWire
[13/08/2008|12:56] C:\Program Files\Fichiers communs\Hewlett-Packard
[13/08/2008|12:56] C:\Program Files\Fichiers communs\HP
[10/12/2006|14:13] C:\Program Files\Fichiers communs\InstallShield
[10/12/2006|14:13] C:\Program Files\Fichiers communs\Java
[20/08/2008|19:28] C:\Program Files\Fichiers communs\L&H
[29/06/2008|13:28] C:\Program Files\Fichiers communs\Logitech
[20/08/2008|19:28] C:\Program Files\Fichiers communs\Microsoft Shared
[10/12/2006|14:13] C:\Program Files\Fichiers communs\MSSoap
[10/12/2006|14:13] C:\Program Files\Fichiers communs\Nullsoft
[10/12/2006|14:13] C:\Program Files\Fichiers communs\ODBC
[25/07/2008|05:55] C:\Program Files\Fichiers communs\Real
[10/12/2006|14:14] C:\Program Files\Fichiers communs\Services
[05/12/2008|23:01] C:\Program Files\Fichiers communs\Skype
[10/12/2006|14:14] C:\Program Files\Fichiers communs\Sonic Shared
[10/12/2006|14:13] C:\Program Files\Fichiers communs\SpeechEngines
[10/12/2006|14:14] C:\Program Files\Fichiers communs\SureThing Shared
[11/12/2008|18:18] C:\Program Files\Fichiers communs\Symantec Shared
[11/08/2008|17:23] C:\Program Files\Fichiers communs\System
[10/12/2006|14:13] C:\Program Files\Fichiers communs\TiVo Shared
[10/12/2006|14:15] C:\Program Files\Fichiers communs\Ulead Systems
[29/06/2008|12:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[25/07/2008|05:55] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 40 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup.exe
C:\Program Files\BitTorrent Fastest Tool\BitP.exe
C:\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Love Iso Rdr]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Cyrille\\APPLIC~1\\AIMSTY~1\\Slow real.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 21:21:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 17

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:5][D:1]-> C:\DOCUME~1\Cyrille\LOCALS~1\Temp
[F:28][D:0]-> C:\DOCUME~1\Cyrille\Cookies
[F:103][D:4]-> C:\DOCUME~1\Cyrille\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 12/12/2008|21:22 - Option : [1]

--------------------\\ Fin du rapport a 21:22:32
0
Réponse 8 / 16
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
12 déc. 2008 à 21:56
http://www.commentcamarche.net/forum/affich 9875762 probleme norton veut pas demarrer?#13
0
Réponse 9 / 16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 déc. 2008 à 22:11
ok je te laisse finir ici destrio5?


_____________

pour avancer ce que j'avais fais

relance lop sd puis

* Choisis cette fois ci l'Option 2 (Suppression)
* Ne ferme pas la fenêtre lors de la suppression !
* Poste le rapport généré (C:\lopR.txt)


(Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)

________________

relance AD remover et choisir l'option B et cocher SWEETIM en mettant le chiffre correspondant a la ligne puis supprimer et coller le rapport

ensuite pour la suite

tu nous remets un rapport RSIT
0
X_Cyr
12 déc. 2008 à 22:23
Voici


--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Cyrille ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2006 2006 (Activated)
Firewall : Norton Internet Security 2006 2006 (Activated)
C:\ (Local Disk) - NTFS - Total:290 Go (Free:91 Go)
D:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 12/12/2008|22:18 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\3wPlayer-2.0.0.0-setup.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\BitP.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
Supprime! - C:\Program Files\Multi_Media_France\INSTALL.LOG
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
Supprime! - C:\Program Files\BitTorrent Fastest Tool
Supprime! - C:\Program Files\Multi_Media_France

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[10/12/2006|14:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[10/12/2006|14:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[11/12/2008|18:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
[29/06/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/08/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\albumphoto
[29/01/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[11/08/2008|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[25/05/2007|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[31/08/2008|00:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[16/01/2008|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[13/08/2008|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[13/08/2008|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[13/08/2008|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP Product Assistant
[13/08/2008|12:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HPSSUPPLY
[06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[06/08/2008|17:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[12/12/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[20/08/2008|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/08/2008|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[04/09/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[29/06/2008|13:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[05/12/2008|23:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[10/12/2006|14:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[26/08/2008|19:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[06/10/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[10/12/2006|14:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[13/08/2008|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WEBREG
[24/07/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/06/2008|12:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[18/02/2007|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\X10 Settings
[25/07/2008|11:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[08/08/2008|13:15] C:\DOCUME~1\Cyrille\APPLIC~1\Adobe
[29/06/2008|14:50] C:\DOCUME~1\Cyrille\APPLIC~1\AdobeUM
[30/03/2007|17:05] C:\DOCUME~1\Cyrille\APPLIC~1\Ahead
[25/05/2007|21:38] C:\DOCUME~1\Cyrille\APPLIC~1\CyberLink
[13/05/2008|18:25] C:\DOCUME~1\Cyrille\APPLIC~1\DivX
[02/12/2008|14:22] C:\DOCUME~1\Cyrille\APPLIC~1\dvdcss
[29/06/2008|13:29] C:\DOCUME~1\Cyrille\APPLIC~1\FotoWire
[04/06/2008|15:53] C:\DOCUME~1\Cyrille\APPLIC~1\FUJIFILM
[24/04/2008|13:33] C:\DOCUME~1\Cyrille\APPLIC~1\Greyfirst
[04/09/2007|21:14] C:\DOCUME~1\Cyrille\APPLIC~1\Help
[13/08/2008|19:30] C:\DOCUME~1\Cyrille\APPLIC~1\HP
[10/12/2008|15:13] C:\DOCUME~1\Cyrille\APPLIC~1\HPAppData
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Identities
[26/08/2008|20:32] C:\DOCUME~1\Cyrille\APPLIC~1\Iminent
[04/06/2008|15:49] C:\DOCUME~1\Cyrille\APPLIC~1\InstallShield
[26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Leadertech
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Macromedia
[12/12/2008|13:00] C:\DOCUME~1\Cyrille\APPLIC~1\Malwarebytes
[24/08/2008|16:07] C:\DOCUME~1\Cyrille\APPLIC~1\Microsoft
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\Mozilla
[29/06/2008|19:50] C:\DOCUME~1\Cyrille\APPLIC~1\MSNInstaller
[25/03/2007|11:16] C:\DOCUME~1\Cyrille\APPLIC~1\My Games
[26/01/2007|17:27] C:\DOCUME~1\Cyrille\APPLIC~1\OD2
[25/07/2008|09:40] C:\DOCUME~1\Cyrille\APPLIC~1\Real
[05/12/2008|23:40] C:\DOCUME~1\Cyrille\APPLIC~1\Skype
[05/12/2008|23:03] C:\DOCUME~1\Cyrille\APPLIC~1\skypePM
[26/03/2007|21:46] C:\DOCUME~1\Cyrille\APPLIC~1\Sonic
[26/03/2007|21:23] C:\DOCUME~1\Cyrille\APPLIC~1\Sun
[31/08/2008|08:18] C:\DOCUME~1\Cyrille\APPLIC~1\Symantec
[27/07/2007|19:56] C:\DOCUME~1\Cyrille\APPLIC~1\Ulead Systems
[05/12/2008|23:48] C:\DOCUME~1\Cyrille\APPLIC~1\uTorrent
[13/11/2008|10:43] C:\DOCUME~1\Cyrille\APPLIC~1\vlc
[26/10/2008|10:57] C:\DOCUME~1\Cyrille\APPLIC~1\Wallpaper
[30/11/2008|16:54] C:\DOCUME~1\Cyrille\APPLIC~1\Xfire
[10/12/2006|14:13] C:\DOCUME~1\Cyrille\APPLIC~1\You've Got Pictures Screensaver

[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Mozilla
[10/12/2006|14:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[10/12/2006|14:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[14/05/2008|01:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\DivX
[10/12/2006|14:13] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[10/12/2006|14:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\X10 Commander

[10/12/2006|14:13] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[12/12/2008|09:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Configurer mon PC.job
[12/12/2008 20:00][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Cyrille.job
[12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Extension de garantie.job
[12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Master CD_DVD Creator.job
[26/01/2007 17:17][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
[12/12/2008 22:10][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-rah-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/07/2008|21:51] C:\Program Files\2K Games
[27/06/2007|15:02] C:\Program Files\3DO
[10/12/2006|14:13] C:\Program Files\Adobe
[12/12/2008|21:33] C:\Program Files\Ad-remover
[30/03/2007|18:31] C:\Program Files\Ahead
[28/08/2008|06:12] C:\Program Files\Aim Style Heart
[02/12/2007|14:43] C:\Program Files\ANNO 1503 GOLD
[03/02/2008|17:40] C:\Program Files\Anuman Interactive
[29/01/2008|16:51] C:\Program Files\AOL 9.0
[10/12/2006|14:14] C:\Program Files\AOL Compagnon
[09/09/2007|14:07] C:\Program Files\Aquatic Tycoon
[30/01/2007|10:50] C:\Program Files\Atari
[09/03/2007|11:49] C:\Program Files\Bethesda Softworks
[19/09/2008|20:22] C:\Program Files\Black Isle
[16/10/2007|18:49] C:\Program Files\Browser Mouse
[24/08/2008|16:27] C:\Program Files\BufferZone
[12/12/2008|11:54] C:\Program Files\CCleaner
[17/11/2008|17:07] C:\Program Files\Celtx
[10/12/2006|14:13] C:\Program Files\Common Files
[10/12/2006|14:13] C:\Program Files\ComPlus Applications
[11/08/2008|12:22] C:\Program Files\Conduit
[23/11/2008|17:06] C:\Program Files\ConTEXT
[10/12/2008|11:22] C:\Program Files\CVitae
[10/12/2006|14:13] C:\Program Files\CyberLink
[16/02/2007|12:43] C:\Program Files\directx
[18/08/2008|19:39] C:\Program Files\DivX
[27/01/2008|15:11] C:\Program Files\Doom 3
[29/10/2007|23:47] C:\Program Files\EasyPHP 2.0b1
[11/12/2008|21:14] C:\Program Files\eMule
[03/09/2007|13:09] C:\Program Files\EPSON
[12/12/2008|22:09] C:\Program Files\Fichiers communs
[12/12/2008|20:26] C:\Program Files\FindyKill
[30/08/2008|23:51] C:\Program Files\FinePixViewerS
[26/01/2007|17:45] C:\Program Files\Firaxis Games
[03/01/2008|19:10] C:\Program Files\FireFly Studios
[12/04/2007|21:14] C:\Program Files\Gabest
[28/02/2008|13:28] C:\Program Files\glGo
[27/11/2008|09:07] C:\Program Files\Google
[12/08/2008|18:28] C:\Program Files\Hercules
[13/08/2008|12:56] C:\Program Files\Hewlett-Packard
[13/08/2008|12:58] C:\Program Files\HP
[17/11/2007|12:00] C:\Program Files\IconColl
[11/12/2008|18:17] C:\Program Files\Iminent
[20/07/2007|13:43] C:\Program Files\Infogrames
[04/11/2007|23:59] C:\Program Files\InstallShield
[19/11/2008|19:19] C:\Program Files\InstallShield Installation Information
[11/12/2008|18:13] C:\Program Files\Internet Explorer
[10/12/2006|14:13] C:\Program Files\Java
[25/06/2007|16:19] C:\Program Files\Jeu petit
[14/03/2008|10:43] C:\Program Files\JoWooD
[15/01/2008|14:04] C:\Program Files\Kyodai
[10/12/2006|14:13] C:\Program Files\Learn2.com
[29/06/2008|13:29] C:\Program Files\Logitech
[12/12/2008|13:11] C:\Program Files\Malwarebytes' Anti-Malware
[18/07/2008|20:20] C:\Program Files\Maxis
[13/08/2008|20:04] C:\Program Files\Messenger
[03/02/2008|17:46] C:\Program Files\Micro Application
[16/02/2007|12:53] C:\Program Files\Microids
[27/06/2007|16:48] C:\Program Files\Microprose
[20/08/2008|19:28] C:\Program Files\Microsoft ActiveSync
[29/06/2008|16:17] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/12/2006|14:13] C:\Program Files\microsoft frontpage
[27/01/2008|08:30] C:\Program Files\Microsoft Games
[20/08/2008|19:27] C:\Program Files\Microsoft Office
[04/11/2007|23:53] C:\Program Files\Microsoft Visual Studio
[30/06/2008|02:02] C:\Program Files\Microsoft Works
[21/05/2007|17:00] C:\Program Files\Microsoft.NET
[01/03/2007|18:56] C:\Program Files\Monte Cristo
[11/08/2008|17:25] C:\Program Files\Movie Maker
[12/12/2008|22:13] C:\Program Files\Mozilla Firefox
[29/06/2008|19:49] C:\Program Files\MSN
[10/12/2006|14:13] C:\Program Files\MSN Gaming Zone
[27/01/2008|08:33] C:\Program Files\MSXML 4.0
[11/08/2008|17:23] C:\Program Files\NetMeeting
[01/12/2008|09:38] C:\Program Files\Norton Internet Security
[10/08/2008|13:48] C:\Program Files\NOS
[10/12/2006|14:15] C:\Program Files\Online Services
[11/08/2008|17:23] C:\Program Files\Outlook Express
[06/08/2008|11:38] C:\Program Files\Picasa2
[09/09/2007|14:08] C:\Program Files\Prison Tycoon
[04/11/2007|23:53] C:\Program Files\Publication Web
[10/12/2006|14:15] C:\Program Files\QuickTime
[10/12/2006|14:13] C:\Program Files\Real
[10/12/2006|14:13] C:\Program Files\Realtek
[19/09/2008|20:12] C:\Program Files\Resounding
[21/01/2008|17:10] C:\Program Files\SDLL
[11/08/2008|13:17] C:\Program Files\Secured eMule
[24/08/2008|16:13] C:\Program Files\Secured IE
[11/08/2008|13:18] C:\Program Files\Secured_eMule
[24/08/2008|16:13] C:\Program Files\securedie
[10/12/2006|14:15] C:\Program Files\Services en ligne
[24/08/2008|16:14] C:\Program Files\Share_Accelerator_MM
[27/02/2008|22:28] C:\Program Files\Sierra
[16/07/2007|11:42] C:\Program Files\Sierra On-Line
[05/12/2008|23:01] C:\Program Files\Skype
[16/07/2007|16:29] C:\Program Files\Smart Projects
[10/12/2006|14:13] C:\Program Files\SmartSound Software
[10/12/2006|14:13] C:\Program Files\Sonic
[08/04/2007|09:10] C:\Program Files\Strategy First
[26/08/2008|19:26] C:\Program Files\SweetIM
[19/08/2008|18:01] C:\Program Files\Symantec
[16/07/2007|14:45] C:\Program Files\Team17
[19/11/2008|19:19] C:\Program Files\THQ
[11/08/2008|12:22] C:\Program Files\torrent_search
[12/12/2008|12:28] C:\Program Files\Trend Micro
[23/06/2008|20:03] C:\Program Files\Ubisoft
[10/12/2006|14:13] C:\Program Files\Ulead Systems
[10/12/2006|14:13] C:\Program Files\Uninstall Information
[29/11/2008|22:30] C:\Program Files\uTorrent
[13/11/2008|10:40] C:\Program Files\VideoLAN
[06/10/2008|23:15] C:\Program Files\VirtualDubMOD
[26/10/2008|10:30] C:\Program Files\Wallpaper
[26/03/2007|22:33] C:\Program Files\WinASPI
[29/06/2008|12:53] C:\Program Files\Windows Live
[12/12/2008|10:55] C:\Program Files\Windows Live Safety Center
[10/12/2006|14:13] C:\Program Files\Windows Media Components
[23/07/2008|08:49] C:\Program Files\Windows Media Connect 2
[31/08/2008|00:15] C:\Program Files\Windows Media Player
[11/08/2008|17:23] C:\Program Files\Windows NT
[10/12/2006|14:13] C:\Program Files\Windows Plus
[10/12/2006|14:13] C:\Program Files\WindowsUpdate
[30/03/2007|17:02] C:\Program Files\WinRAR
[13/05/2007|19:48] C:\Program Files\WinZip
[10/12/2006|14:16] C:\Program Files\X10 Hardware
[10/12/2006|14:13] C:\Program Files\xerox
[01/12/2008|09:32] C:\Program Files\Xfire
[24/08/2008|16:14] C:\Program Files\Zapu

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[29/06/2008|14:47] C:\Program Files\Fichiers communs\Adobe
[10/12/2006|14:14] C:\Program Files\Fichiers communs\AOL
[10/12/2006|14:14] C:\Program Files\Fichiers communs\aolshare
[04/11/2007|23:52] C:\Program Files\Fichiers communs\DESIGNER
[29/06/2008|13:29] C:\Program Files\Fichiers communs\FotoWire
[13/08/2008|12:56] C:\Program Files\Fichiers communs\Hewlett-Packard
[13/08/2008|12:56] C:\Program Files\Fichiers communs\HP
[10/12/2006|14:13] C:\Program Files\Fichiers communs\InstallShield
[10/12/2006|14:13] C:\Program Files\Fichiers communs\Java
[20/08/2008|19:28] C:\Program Files\Fichiers communs\L&H
[29/06/2008|13:28] C:\Program Files\Fichiers communs\Logitech
[20/08/2008|19:28] C:\Program Files\Fichiers communs\Microsoft Shared
[10/12/2006|14:13] C:\Program Files\Fichiers communs\MSSoap
[10/12/2006|14:13] C:\Program Files\Fichiers communs\Nullsoft
[10/12/2006|14:13] C:\Program Files\Fichiers communs\ODBC
[25/07/2008|05:55] C:\Program Files\Fichiers communs\Real
[10/12/2006|14:14] C:\Program Files\Fichiers communs\Services
[05/12/2008|23:01] C:\Program Files\Fichiers communs\Skype
[10/12/2006|14:14] C:\Program Files\Fichiers communs\Sonic Shared
[10/12/2006|14:13] C:\Program Files\Fichiers communs\SpeechEngines
[10/12/2006|14:14] C:\Program Files\Fichiers communs\SureThing Shared
[11/12/2008|18:18] C:\Program Files\Fichiers communs\Symantec Shared
[11/08/2008|17:23] C:\Program Files\Fichiers communs\System
[10/12/2006|14:13] C:\Program Files\Fichiers communs\TiVo Shared
[10/12/2006|14:15] C:\Program Files\Fichiers communs\Ulead Systems
[29/06/2008|12:52] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[25/07/2008|05:55] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 51 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 22:19:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 17

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:3][D:1]-> C:\DOCUME~1\Cyrille\LOCALS~1\Temp
[F:28][D:0]-> C:\DOCUME~1\Cyrille\Cookies
[F:10][D:2]-> C:\DOCUME~1\Cyrille\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 12/12/2008|21:22 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 12/12/2008|22:19 - Option : [2]

--------------------\\ Fin du rapport a 22:19:59
0
X_Cyr
12 déc. 2008 à 22:32
Voici le rapport RSIT:

Ce qui m'ettone c'est qu'il n'y a que le fichier log et pas info.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Cyrille at 2008-12-12 22:29:52
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 93 GB (31%) free of 297 GB
Total RAM: 1022 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:56, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\Iminent\imbooster.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Zapu\Zapu\wDivi.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Cyrille\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Cyrille.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\Software\..\Telephony: DomainName = skyson
O17 - HKLM\System\CCS\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D4FA0B-9A0F-4183-BA5B-014247BB8022}: NameServer = 212.30.96.108,212.30.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5A431E-F610-4702-8195-53213055EABB}: NameServer = 212.30.96.108,212.30.124.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS1\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS2\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS3\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\xampp\apache\bin\apache.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: mysql - Unknown owner - C:\xampp\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 10 / 16
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
12 déc. 2008 à 22:12
jlpjlp, continue ;)
0
Réponse 11 / 16
X_Cyr
12 déc. 2008 à 22:29
Voici pour ad remover :


--------- Logfile of AD-Remover 1.0.7.5 by C_XX ---------

*** Limited to ***

Sweetim

******************

# START at: 22:25:50 | Ven 12/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: cyrillehome | USER: Cyrille ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 47 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\Iminent\imbooster.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Zapu\Zapu\wDivi.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Sweetim Elements Deleted :

"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\Features\5D72AF385B5242D47B69FD47F2805AFC"
"HKEY_CLASSES_ROOT\Installer\Features\428C9AFC877ABE7409DCBBD48BC23F84"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\5D72AF385B5242D47B69FD47F2805AFC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5D72AF385B5242D47B69FD47F2805AFC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\428C9AFC877ABE7409DCBBD48BC23F84"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[26/08/2008 19:26|d--------] C:\Program Files\SweetIM
[26/08/2008 19:26|--a------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\searchplugins\sweetim.xml
[26/08/2008 19:26|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[27/08/2008 17:32|d--------] C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\SweetIMToolbarData
[26/08/2008 19:26|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------------| ADDED SCAN :



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\n9e00o1n.default\prefs.js :

~~~~ Mozilla FireFox version 2.0.0.18 ~~~~

Start Page : "https://www.google.fr/?gws_rd=ssl"

+----------+

REMOVED - user_pref("browser.search.defaulturl", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{C1A8DAC6-98BE-4301-BCD5-29354E23E244}");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.3");

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
LDM REG_SZ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
updateMgr REG_SZ C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
Wallpaper REG_SZ "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
IMBooster REG_SZ C:\Program Files\Iminent\imbooster.exe /warmup

+--[HKEY_LOCAL_MACHINE\..\Run]

NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
ccApp REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
nwiz REG_SZ nwiz.exe /install
hpqSRMon REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec PIF AlertEng REG_SZ "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-12.12.2008.log" (15986 octets)

[ END at: 22:26:41 | 12/12/2008 ] - [ Time elapsed: 51.5 seconds ]

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 195 lines ]
+---------------------------------------------------------------------------+
0
Réponse 12 / 16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
12 déc. 2008 à 22:43
comme tu veux destrio5


________________


colle le rapport d'un scan en ligne
avec un des suivants:


Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
X_Cyr
12 déc. 2008 à 23:12
Aie, mamamia. Sa s' arrête jamais ? Et en plus c'était un scan rapide....

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-12 23:08:42
PROTECTIONS: 1
MALWARE: 10
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security 2006 2006 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@tradedoubler[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.mediaplex.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.xiti.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.apmebf.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Cookies\cyrille@weborama[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]
03548697 Trj/Clicker.ALY Virus/Trojan No 1 No No C:\WINDOWS\system32\g37.exe[■%%\²ºÇ]
;===================================================================================================================================================================================
SUSPECTS
Sent Location 6
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 6
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
X_Cyr
12 déc. 2008 à 23:15 
;***********************************************************************************************************************************************************************************

ANALYSIS: 2008-12-12 23:08:42

PROTECTIONS: 1

MALWARE: 10

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description                                  Version                       Active    Updated

;===================================================================================================================================================================================

Norton Internet Security 2006                2006                          Yes       Yes

;===================================================================================================================================================================================

MALWARE

Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location

;===================================================================================================================================================================================

00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Cookies\cyrille@doubleclick[2].txt

00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.doubleclick.net/]

00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Cookies\cyrille@atdmt[2].txt

00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.atdmt.com/]

00145393  Cookie/Tradedoubler                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Cookies\cyrille@tradedoubler[2].txt

00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.mediaplex.com/]

00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.xiti.com/]

00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Cookies\cyrille@ad.yieldmanager[1].txt

00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.apmebf.com/]

00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Cookies\cyrille@weborama[1].txt

00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]

00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]

00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]

00273339  Cookie/Smartadserver               TrackingCookie      No        0         Yes            No           C:\Documents and Settings\Cyrille\Application Data\Mozilla\Firefox\Profiles\n9e00o1n.default\cookies.txt[.smartadserver.com/]

03548697  Trj/Clicker.ALY                    Virus/Trojan        No        1         No             No           C:\WINDOWS\system32\g37.exe[■%%\²ºÇ]

;===================================================================================================================================================================================

SUSPECTS

Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6

;===================================================================================================================================================================================

;===================================================================================================================================================================================

VULNERABILITIES

Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6

;===================================================================================================================================================================================

;===================================================================================================================================================================================

C'est mieux comme ca. 

Y parait que Norton est encore en route. Panda la détecté.
    




    
 
    
        
    0

                    
        
    
    

            



    

        
        
    



    

    
            

        

                    


            
    
    

        



    

                    

    
        
    
    

            

    


    
    

                

    x_cyr


    

    13 déc. 2008 à 00:21

    






    suite à un CCleaner voila le dernier fichier :



;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-13 00:02:31
PROTECTIONS: 1
MALWARE: 1
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Norton Internet Security 2006                2006                          Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
03548697  Trj/Clicker.ALY                    Virus/Trojan        No        1         No             No           C:\WINDOWS\system32\g37.exe[&#9632;%%\²ºÇ]
;===================================================================================================================================================================================
SUSPECTS
Sent      Location                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity   Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
;===================================================================================================================================================================================
;===================================================================================================================================================================================


    




    
 
    
        
    0

                    
        
    
    

            



    

        
        
    



    

    
            

        

                    


            
    
    

        



    

                    

    
        
    
    

            

    


    
    

                

    x_cyr


    

    13 déc. 2008 à 16:54

    






    Non mais la j'y crois pas. J'ai rien fait à part me connecter à ce site et voila le résultat apres une deuxieme analyse :

-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Saturday, December 13, 2008 4:45:05 PM
 Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
 Kaspersky On-line Scanner version : 5.0.84.2
 Dernière mise à jour de la base antivirus Kaspersky : 13/12/2008
 Enregistrements dans la base antivirus Kaspersky : 1306711
-------------------------------------------------------------------------------

Paramètres d'analyse:
	Analyser avec la base antivirus suivante: standard
	Analyser les archives: vrai
	Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
	C:\
	D:\
	F:\
	G:\
	H:\
	I:\

Statistiques de l'analyse:
	Total d'objets analysés: 161229
	Nombre de virus trouvés: 6
	Nombre d'objets infectés: 9 / 0
	Nombre d'objets suspects: 0
	Durée de l'analyse: 02:41:26

Nom de l'objet infecté / Nom du virus / Dernière action

C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe	Infecté : Backdoor.Win32.SubSeven.asu	ignoré
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe	Infecté : Trojan.Win32.Obfuscated.gen	ignoré
C:\Lop SD\Backup-Lop\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe	Infecté : Trojan-Downloader.Win32.Agent.afyh	ignoré
C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar/Setup+Patch.exe	Infecté : Trojan-Dropper.Win32.Agent.aang	ignoré
C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar	CAB: infecté - 1	ignoré
C:\Qoobox\Quarantine\C\APPS\SMP\SMPSYS.EXE.vir	Infecté : Trojan-Downloader.Win32.Bagle.ahi	ignoré
C:\WINDOWS\system32\g37.exe/stream/data0002	Infecté : Trojan-Clicker.Win32.Agent.buj	ignoré
C:\WINDOWS\system32\g37.exe/stream	Infecté : Trojan-Clicker.Win32.Agent.buj	ignoré
C:\WINDOWS\system32\g37.exe	NSIS: infecté - 2	ignoré


Analyse terminée.





J'ai deux autres PC qui vont sur internet. Et y a pas d'anti virus et ils n'ont pas de virus qui saoul.

Je dois faire quoi maintenant ?

Merci pour l'aide.
    




    
 
    
        
    0

                    
        
    
    

            



    

        
        
    



    

    
            

        

            

        

        
        
        

                        Réponse 13 / 16
        


                

                

        

                    

        


     
             

            
    
    

            

    


        
        

                

        


     
             

                    jlpjlp
    
        
    
                    Messages postés
            
                


     
             

            51580
        
            
                            Date d'inscription
            vendredi 18 mai 2007
                            Statut
            Contributeur sécurité
                            Dernière intervention
             3 mai 2022
            

            


     
             

                    5 040
    
        

                    

                    13 déc. 2008 à 20:23
                        

    


    

                        

                    ok les 3 premiers c'est rien!!!! le premier c'est otmovit qui est un faux positif! les deux suivant ont été mis en quarantaine par lop sd!!!









C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe

C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Draw Free.exe

C:\Lop SD\Backup-Lop\Program Files\BitTorrent Fastest Tool\DWbrk03_0308.exe



vire ce qui est dans le dossier backup lop en allant dans psote de travail puis

C:\Lop SD\Backup-Lop

________________





ces deux là sont des cracks que tu tlécharge avec emule alors vire les deux fichiers et arrete de télécharger n'importe quoi!!!



C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar/Setup+Patch.exe	

C:\Program Files\eMule\Incoming\The Elder Scrolls Iv Oblivion Crack (Test Ok)..rar	





_______________



vire ce qui est dans le dossier quarantine en allant dans poste de travail puis



C:\Qoobox\Quarantine\C\APPS\SMP\SMPSYS.EXE.vir

	

_____________



télécharge OTMoveIt 

http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.



double-clique sur OTMoveIt.exe pour le lancer. 

copie la liste qui se trouve en citation ci-dessous, 

et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved. 

(attention bien mettre :files)



:files

C:\WINDOWS\system32\g37.exe/stream/data0002

C:\WINDOWS\system32\g37.exe/stream	

C:\WINDOWS\system32\g37.exe

C:\Program Files\Aim Style Heart 



clique sur MoveIt! pour lancer la suppression. 

le résultat apparaitra dans le cadre "Results". 

clique sur Exit pour fermer. 

poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 



il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes. 





________________________





ensuite







Télécharge ToolsCleaner sur ton bureau. 

-->  http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ... 

# Clique sur Suppression pour finaliser. 

# Tu peux, si tu le souhaites, te servir des Options facultatives. 

# Clique sur Quitter pour obtenir le rapport. 

# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 





__________________________







désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

puis redémarre ton ordi  puis réactive la

_________________________



réinstalle norton et dis si il marche















remets un rapport RSIt et dis si encore des soucis
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        
    


        

                

                    

                    


            
    
    

        



    

                    

    
        
    
    

            

    


    
    

                

    x_cyr


    

    13 déc. 2008 à 21:51

    






    Oui, pour Oblivion, je l'avais fait.



Pour OtMoveIt j'ai un message d'erreur et pas de rapport :



Invalid Time Flag! [data0002]

Must be numerical



Sinon, j'ai déjà réussi à réinstaller Norton et il fonctionne. (à 1ere vue)



Reste plus qu'a installer ToolsCleaner.



Mais pour E-mule je crois avoir compris la leçon.
    




    
 
    
        
    0

                    
        
    
    

            



    

        
        
    



    

    
            

        

                    


            
    
    

        



    

                    

    
        
    
    

            

    


    
    

                

    x_cyr


    

    13 déc. 2008 à 23:22

    






    le rapport tools cleaner :



[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\lopR.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Cyrille\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Cyrille\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Cyrille\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Cyrille\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Cyrille\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Program Files\FindyKill: trouvé !
C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Cyrille\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Cyrille\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Cyrille\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\lopR.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Cyrille\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Cyrille\Bureau\Rsit.exe: supprimé !
C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Cyrille\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Program Files\FindyKill: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Fichiers temporaires nettoyés !
Corbeille vidée!

    




    
 
    
        
    0

                    
        
    
    

            



    

        
        
    



    

    
            

        

                    


            
    
    

        



    

                    

    
        
    
    

            

    


    
    

                

    x_cyr


    

    13 déc. 2008 à 23:43

    






    Le rapport Rsit :



Logfile of random's system information tool 1.04 (written by random/random)
Run by Cyrille at 2008-12-13 23:32:57
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 93 GB (31%) free of 297 GB
Total RAM: 1022 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:30, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\xampp\xampp\apache\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Iminent\imbooster.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Zapu\Zapu\wDivi.exe
C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Cyrille\Bureau\RSIT.exe
C:\Program Files\trend micro\Cyrille.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
R3 - URLSearchHook: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
R3 - URLSearchHook: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll
O2 - BHO: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: securedie Toolbar - {cd36797a-70f3-4acd-8825-623d3b896881} - C:\Program Files\securedie\tbsecu.dll
O3 - Toolbar: Share Accelerator MM Toolbar - {4596013b-6c31-408b-a266-deae5c086dc2} - C:\Program Files\Share_Accelerator_MM\tbShar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [IMBooster] C:\Program Files\Iminent\imbooster.exe /warmup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\Software\..\Telephony: DomainName = skyson
O17 - HKLM\System\CCS\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{90D4FA0B-9A0F-4183-BA5B-014247BB8022}: NameServer = 212.30.96.108,212.30.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC5A431E-F610-4702-8195-53213055EABB}: NameServer = 212.30.96.108,212.30.124.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS1\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS2\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = skyson
O17 - HKLM\System\CS3\Services\Tcpip\..\{16D59095-99F6-4D1A-8B88-880639D6A718}: NameServer = 80.118.192.100,80.118.196.36
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\xampp\apache\bin\apache.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mysql - Unknown owner - C:\xampp\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13976 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Configurer mon PC.job
C:\WINDOWS\tasks\Extension de garantie.job
C:\WINDOWS\tasks\Master CD_DVD Creator.job
C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Cyrille.job
C:\WINDOWS\tasks\Rappel d'enregistrement 2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E896FCA-D07E-45FE-901F-6A26FCF59C02}]
Iminent.SearchTheWeb.HelperObject - C:\WINDOWS\system32\mscoree.dll [2007-04-13 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7}]
Secured_eMule toolbar - C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 1326104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-07-25 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4596013b-6c31-408b-a266-deae5c086dc2}]
Share Accelerator MM Toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-12-10 1510424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
CNisExtBho Class - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\APPS\BAE\BAE.dll [2006-06-23 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cd36797a-70f3-4acd-8825-623d3b896881}]
securedie Toolbar - C:\Program Files\securedie\tbsecu.dll [2007-09-06 1453080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - Secured_eMule toolbar - C:\Program Files\Secured_eMule\tbSecu.dll [2007-05-27 1326104]
{cd36797a-70f3-4acd-8825-623d3b896881} - securedie Toolbar - C:\Program Files\securedie\tbsecu.dll [2007-09-06 1453080]
{4596013b-6c31-408b-a266-deae5c086dc2} - Share Accelerator MM Toolbar - C:\Program Files\Share_Accelerator_MM\tbShar.dll [2007-12-10 1510424]
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - Norton Internet Security 2006 - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll [2005-10-22 94336]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-06-07 140912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7573504]
"nwiz"=nwiz.exe /install []
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-11-09 98304]
"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2005-09-16 52848]
"URLLSTCK.exe"=C:\Program Files\Norton Internet Security\UrlLstCk.exe [2007-02-01 23168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [2008-06-29 20480]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]
"Wallpaper"=C:\Program Files\Wallpaper\Wallpaper.exe [2007-08-21 233472]
"IMBooster"=C:\Program Files\Iminent\imbooster.exe [2008-11-26 415232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe

C:\Documents and Settings\Cyrille\Menu Démarrer\Programmes\Démarrage
Outil de notification Live Search.lnk - C:\Documents and Settings\Cyrille\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
Zapu Acceleration Engine.lnk - C:\Program Files\Zapu\Zapu\wincm.exe
Zapu.lnk - C:\Program Files\Zapu\Zapu\wDivi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microprose\Risk II\RiskII.exe"="C:\Program Files\Microprose\Risk II\RiskII.exe:*:Enabled:Risk II"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE"="C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Zapu\Zapu\wDivi.exe"="C:\Program Files\Zapu\Zapu\wDivi.exe:*:Enabled:Zapu Control"
"C:\Documents and Settings\Cyrille\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Cyrille\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eb2f0708-4cf7-11dd-b45d-001b2faed07a}]
shell\AutoRun\command - E:\memorybar.exe


======List of files/folders created in the last 1 months======

2008-12-13 23:32:57 ----D---- C:\rsit
2008-12-13 23:19:25 ----A---- C:\TCleaner.txt
2008-12-13 23:19:10 ----D---- C:\WINDOWS\Temp
2008-12-13 21:03:32 ----D---- C:\Documents and Settings\Cyrille\Application Data\Symantec
2008-12-13 20:36:45 ----D---- C:\Program Files\Norton Internet Security
2008-12-13 20:35:51 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-13 20:35:22 ----D---- C:\Program Files\Symantec
2008-12-13 20:35:17 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-13 17:37:30 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-13 13:32:10 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2008-12-12 23:02:30 ----D---- C:\Program Files\Panda Security
2008-12-12 22:26:37 ----SHD---- C:\RECYCLER
2008-12-12 21:32:51 ----D---- C:\Program Files\Ad-remover
2008-12-12 13:39:14 ----A---- C:\WINDOWS\SWREG.exe
2008-12-12 13:39:13 ----A---- C:\WINDOWS\zip.exe
2008-12-12 13:39:13 ----A---- C:\WINDOWS\VFIND.exe
2008-12-12 13:39:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-12 13:39:13 ----A---- C:\WINDOWS\SWSC.exe
2008-12-12 13:39:13 ----A---- C:\WINDOWS\sed.exe
2008-12-12 13:39:13 ----A---- C:\WINDOWS\grep.exe
2008-12-12 13:39:13 ----A---- C:\WINDOWS\fdsv.exe
2008-12-12 13:39:11 ----D---- C:\WINDOWS\ERDNT
2008-12-12 13:00:28 ----D---- C:\Documents and Settings\Cyrille\Application Data\Malwarebytes
2008-12-12 13:00:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-12 13:00:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-12 12:28:50 ----D---- C:\Program Files\Trend Micro
2008-12-12 11:54:45 ----D---- C:\Program Files\CCleaner
2008-12-12 10:51:38 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-11 18:17:05 ----HD---- C:\Documents and Settings\All Users\Application Data\{7DE2D9B5-C959-4D68-9E63-E73738EF6F02}
2008-12-11 18:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 18:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 18:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 18:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 23:16:09 ----A---- C:\debug.txt
2008-12-05 23:02:03 ----D---- C:\Documents and Settings\Cyrille\Application Data\Skype
2008-12-05 23:01:36 ----D---- C:\Program Files\Skype
2008-12-05 23:01:35 ----D---- C:\Program Files\Fichiers communs\Skype
2008-12-04 11:08:59 ----A---- C:\WINDOWS\Iedit.INI
2008-11-29 22:01:44 ----D---- C:\Program Files\uTorrent
2008-11-29 22:01:39 ----D---- C:\Documents and Settings\Cyrille\Application Data\uTorrent
2008-11-23 17:02:33 ----D---- C:\Program Files\ConTEXT
2008-11-23 16:35:26 ----D---- C:\xampp
2008-11-20 21:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-11-19 19:23:43 ----A---- C:\WINDOWS\system32\psfind.dll
2008-11-18 22:43:17 ----D---- C:\Documents and Settings\Cyrille\Application Data\dvdcss
2008-11-17 16:59:58 ----D---- C:\Program Files\Celtx

======List of files/folders modified in the last 1 months======

2008-12-13 23:33:06 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2008-12-13 23:30:42 ----D---- C:\Program Files\Mozilla Firefox
2008-12-13 23:19:10 ----AD---- C:\WINDOWS
2008-12-13 23:18:25 ----RD---- C:\Program Files
2008-12-13 21:32:25 ----D---- C:\WINDOWS\Tasks
2008-12-13 21:32:09 ----D---- C:\WINDOWS\Registration
2008-12-13 21:32:02 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 21:31:20 ----HD---- C:\Config.Msi
2008-12-13 21:30:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 21:17:05 ----SHD---- C:\WINDOWS\Installer
2008-12-13 21:16:27 ----D---- C:\Program Files\Fichiers communs
2008-12-13 21:16:23 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 21:16:23 ----D---- C:\WINDOWS\system32
2008-12-13 21:01:08 ----SHD---- C:\DRIVERS
2008-12-13 13:32:10 ----D---- C:\WINDOWS\inf
2008-12-13 13:32:10 ----D---- C:\WINDOWS\Downloaded Program Files
2008-12-12 23:13:05 ----SHD---- C:\System Volume Information
2008-12-12 23:13:05 ----D---- C:\WINDOWS\system32\Restore
2008-12-12 23:03:59 ----D---- C:\WINDOWS\Prefetch
2008-12-12 22:10:08 ----A---- C:\WINDOWS\system.ini
2008-12-12 22:09:00 ----D---- C:\WINDOWS\AppPatch
2008-12-12 20:18:00 ----D---- C:\Autre
2008-12-12 13:42:49 ----D---- C:\WINDOWS\system32\config
2008-12-12 11:56:03 ----D---- C:\WINDOWS\Minidump
2008-12-12 11:56:03 ----AD---- C:\WINDOWS\Debug
2008-12-12 11:35:24 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-12 10:40:45 ----ASH---- C:\BOOT.INI
2008-12-12 09:10:26 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-11 21:14:22 ----D---- C:\Program Files\eMule
2008-12-11 18:17:44 ----D---- C:\Program Files\Iminent
2008-12-11 18:17:28 ----RSD---- C:\WINDOWS\assembly
2008-12-11 18:13:28 ----D---- C:\Program Files\Internet Explorer
2008-12-11 18:04:56 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-11 18:04:45 ----D---- C:\WINDOWS\ie7updates
2008-12-11 18:04:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 15:13:30 ----D---- C:\Documents and Settings\Cyrille\Application Data\HPAppData
2008-12-10 11:22:46 ----D---- C:\Program Files\CVitae
2008-12-10 00:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-05 23:03:52 ----D---- C:\Documents and Settings\Cyrille\Application Data\skypePM
2008-12-05 23:01:38 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-12-01 09:32:18 ----SD---- C:\Program Files\Xfire
2008-11-30 16:54:54 ----D---- C:\Documents and Settings\Cyrille\Application Data\Xfire
2008-11-29 19:31:24 ----AC---- C:\WINDOWS\mdm.ini
2008-11-27 09:08:02 ----D---- C:\APPS
2008-11-27 09:07:52 ----D---- C:\Program Files\Google
2008-11-27 09:07:18 ----D---- C:\Photos
2008-11-19 19:23:52 ----D---- C:\WINDOWS\system32\DirectX
2008-11-19 19:19:57 ----D---- C:\Program Files\THQ
2008-11-19 19:19:52 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-14 16:28:15 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-08-12 21419]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-06-12 43008]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081213.002\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081213.002\NavEx15.Sys []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-27 3663040]
R3 RT61;802.11g Wireless Driver RT61; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-12-01 395648]
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20081210.002\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gsplittm;gsplittm; \??\C:\DOCUME~1\Cyrille\LOCALS~1\Temp\gsplittm.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-01-31 22016]
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [2005-09-16 192112]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe [2005-09-16 202352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [2005-09-16 169584]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 mysql;mysql; C:\xampp\xampp\mysql\bin\mysqld-nt.exe [2008-08-04 5779456]
R2 navapsvc;Service Norton AntiVirus Auto-Protect; C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-28 139888]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-27 143426]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-12-13 1251720]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NSCService;Norton Protection Center Service; C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; C:\Program Files\Norton Internet Security\ccPwdSvc.exe [2007-02-20 72328]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 comHost;COM Host; C:\Program Files\Norton Internet Security\comHost.exe [2007-02-01 45696]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;Symantec AVScan; C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Visual Studio Analyzer RPC bridge;Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [1998-06-06 34036]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]

-----------------EOF-----------------





J'ai relancé Norton et il a détecté d'autres virus. J'en ai viré un mais il reste toujours le G37.exe

Voici le rapport ;

Résultats d'analyse : 

--------------------------------------------------------------------------------

Heure de début d'analyse13/12/2008 21:52:28 



Durée de l'analyse : 77 minutes 45 secondes 





Eléments analysés: 638607

Sections de registre: 11445

Aucune action effectuée: 483

Fichiers: 625892

Echec de la suppression: 2

Détecté: 1

Aucune action effectuée: 76

Processus: 49

Aucune action requise: 2

Fichiers batch: 9

Fichiers INI: 5

Services: 1006

Programmes au démarrage: 20

Type COM: 89

HOSTS: 90

Fournisseurs de services multicouches: 2

Menaces corrigées: 1

Détails

SecurityRisk.Cmdow : Exclu

Analyse manuelle 

Catégorie de risque : Risque de sécurité 

Impact global du risque : Faible 

Performances : Faible 

Confidentialité : Faible 

Suppression : Faible 

Furtivité : Faible 

Cliquez pour plus d'informations sur ce risque : SecurityRisk.Cmdow 

Action effectuée : Exclu 

Description : Zones affectées :

1 fichiers :

C:\Program Files\Ad-remover\TOOLS\cmdow.exe - Exclu





Menaces restantes: 2

Détails

Dialer.Stardial : Echec de la suppression

Analyse manuelle 

Catégorie de risque : Numéroteur 

Impact global du risque : Elevé 

Performances : Elevé 

Confidentialité : Elevé 

Suppression : Elevé 

Furtivité : Elevé 

Cliquez pour plus d'informations sur ce risque : Dialer.Stardial 

Action effectuée : Echec de la suppression 

Description : Zones affectées :

1 fichiers :

Railroad Tycoon 3.exe dans Railroad Tycoon III + crack no cd\Railroad Tycoon 3.crack nocd keygen.zip dans C:\Program Files\eMule\Incoming\Jeux cycy\Railroad Tycoon III + crack no cd.rar - Echec de la suppression





Adware.Begin2search : Echec de la suppression

Analyse manuelle 

Catégorie de risque : Logiciel publicitaire 

Impact global du risque : Elevé 

Performances : Elevé 

Confidentialité : Moyen 

Suppression : Elevé 

Furtivité : Elevé 

Cliquez pour plus d'informations sur ce risque : Adware.Begin2search 

Action effectuée : Echec de la suppression 

Description : Zones affectées :

1 fichiers :

C:\WINDOWS\system32\g37.exe - Echec de la suppression



9 clés de registre :

HKEY_USERS\S-1-5-21-3961666731-3408890296-1442537433-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000} - Aucune action effectuée

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Search Bar - Aucune action effectuée

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée

HKEY_USERS\S-1-5-21-3961666731-3408890296-1442537433-500\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée

HKEY_USERS\S-1-5-21-3961666731-3408890296-1442537433-1005\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar - Aucune action effectuée

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\Search Page - Aucune action effectuée

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\Search Page - Aucune action effectuée





Voila, voila... Il en reste plus qu'un et Norton Fonctionne. Je suis heureux.
    




    
 
    
        
    0

                    
        
    
    

            



    

        
        
    



    

    
            

        

            

        

        
        
        

                        Réponse 14 / 16
        


                

                

        

                    

        


     
             

            
    
    

            

    


        
        

                

        


     
             

                    jlpjlp
    
        
    
                    Messages postés
            
                


     
             

            51580
        
            
                            Date d'inscription
            vendredi 18 mai 2007
                            Statut
            Contributeur sécurité
                            Dernière intervention
             3 mai 2022
            

            


     
             

                    5 040
    
        

                    

                    14 déc. 2008 à 11:04
                        

    


    

                        

                    vire les barres de recherche :

securedie Toolbar

Share Accelerator MM Toolbar



via ton panneau de configuration



_________________







Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".



O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe





____________________



mettre à jour adobe reader

https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html



_________________

mets a jour java:

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries. 

Décompresse le fichier sur ton bureau (clique droit > Extraire tout.) 

Double-clique sur le répertoire JavaRa obtenu. 

Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher) 

Clique sur Search For Updates. 

Sélectionne Update Using jucheck.exe puis clique sur Search. 

Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes. 

Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions. 

Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok. 

Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse. 

Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log 

(c:\JavaRa.log) 

Ferme l'application. 



si cela ne fonctionne pas 



https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80 



tu peux désinstaller les vieilles versions. 



__________________





télécharges et installes : 



kill box 

https://www.bleepingcomputer.com/download/linux/ 





aide kill box 

http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm 





- Redémarre en mode sans échec, si tu sais pas comment on fait lis ceci 



- Double-clic sur fix.reg 



Ouvres killbox 

- Sélectionne "delete on reboot" 

- Clique sur le dossier jaune à droite et sélectionne le fichier : C:\WINDOWS\system32\g37.exe

- Clique sur la croix rouge et et blanche 

- Répond yes et laisse redémarrer ton pc. 

N'hésite pas à consulter l'Aide killbox 



Vérifie que le fichier C:\WINDOWS\system32\g37.exe n'est plus présent.









__________________________



verifie avec norton en mode sans echec aussi qu'il ne reste rien



___________________________



encore des soucis???
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        
    


        

                

                    

            

        

        
        
        

                        Réponse 15 / 16
        


                

                

        

                    

        
    
    

            

    

        

            gbgbgb                    

                     8 janv. 2009 à 23:30
                        

    


    

                        

                    bonjour,



j'ai été infecté par winupgro, j'ai passé toute la journée à lire des forums et essayer plein de trucs, mais la je suis bloqué.



Je n'arrive pas à lancer ComboFix ("combofix.exe n'est pas une application valide"..) meme en mode sans echec

les seuls que j'ai pu faire fonctionner sont elibagla, malwarebytes, et hijack this



Est ce que vous auriez une idée pour que je puisse lancer combofix?

merci beaucoup
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        
    


        

                

                    

            

        

        
        
        

                        Réponse 16 / 16
        


                    
                    

                

        

                    

        


     
             

            
    
    

                
            

    


        
        

                

        


     
             

                    Destrio5
    
        
    
                    Messages postés
            
                


     
             

            85985
        
            
                            Date d'inscription
            dimanche 11 juillet 2010
                            Statut
            Modérateur
                            Dernière intervention
            17 février 2023
            

            


     
             

                    10 295
    
        

                    

                     8 janv. 2009 à 23:34
                        

    


    

                        

                    Salut,



Merci de faire un nouveau sujet :

http://www.commentcamarche.net/forum/forum 7#ecrire
                
                

    
        

    
            
        0
                                
                
    

            



    

        
        
    


        

                

                    

            

        

    



    
Discussions similaires

                                                    

                
                    Est ce que le site tlauncher est dangereux ?
                    

                        
    
    

            

    


                        

                                                                                    caribou -  

                            
                                                                                    bazfile - 
                        

                    

                    

                    

                        1 réponse
                    

                
            

                                                        

                
                    Softonic,est-ce un virus ?
                    

                        
    
    

                
            

    


                        

                                                                                    techmel1 -  

                            
                                                                                    techmel1 - 
                        

                    

                    

                    

                        6 réponses
                    

                
            

                                                        

                
                    4 virus en raison d’un porno ????
                    

                        
    
    

            

    


                        

                                                                                    valou -  

                            
                                                                                    Bello040420 - 
                        

                    

                    

                    

                        9 réponses
                    

                
            

                                                        

                
                    problême Opéra est ce un virus??
                    

                        
    
    

            

    


                        

                                                                                    sand2504 -  

                            
                                                                                    sand2504 - 
                        

                    

                    

                    

                        85 réponses
                    

                
            

                                                        

                
                    Virus MSN Tinyurl
                    

                        
    
    

            

    


                        

                                                                                    djkifkif -  

                            
                                                                                    matt56430 - 
                        

                    

                    

                    

                        8 réponses