[Solved] Win32:TratBHO [Trj] detected by AVAST

 

rasorbak
Posted on 21/01/2008 at 10:34:06

Hello, for the past few days AVAST has been detecting Win32:TratBHO [Trj]. Whether I quarantine it or delete it, the problem comes back.

merillym
Posted on 21/01/2008 at 10:47:33

:hello:
 1) Download HijackThis v2.02, rename the scanner (if that's not done, rename it before any scan) and put it in a folder named hijackthis in your Program Files! (C:\Program Files\HijackThis)
 http://www.trendsecure.com/por [...] nstall.exe

 Close all windows; HJT must be run on its own (every other program closed).

 Tutorial:   http://bibou0007.forumpro.fr/t [...] 2-t108.htm

 Then click "Do a system scan and save a logfile".
 The scan completes very quickly, then a Notepad window appears
 (the "logfile").

 In that Notepad window, go to "Edit", then "Select All";
 the text is then selected. Go back to "Edit", still
 keeping the text selected, and click Copy.
 Paste the contents here in your next reply!

rasorbak
Posted on 21/01/2008 at 13:39:22

So here is what that gives:

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13:36:08, on 21/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\SYSTEM32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\SYSTEM32\Ati2evxx.e​xe
 C:\WINDOWS\system32\ZoneLabs\v​smon.exe
 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe
 C:\Program Files\ASUS\AI Gear\GearHelp.exe
 C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\Windows Defender\MSASCui.exe
 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
 C:\Program Files\Analog Devices\Core\smax4pnp.exe
 C:\Program Files\FarStone\VirtualDrive\VD​Task.exe
 C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\MOM.EXE
 C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 C:\Program Files\DAP\DAP.EXE
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\ccc.exe
 C:\WINDOWS\System32\wbem\wmiap​srv.exe
 C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
 C:\Program Files\HijackThis\HijackThis.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.aliceadsl.fr/
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC​8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7​942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1​254ABCA} - C:\WINDOWS\system32\tuvspmn.dl​l
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198​F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
 O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetu​p.exe boot
 O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" clear
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
 O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe"
 O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe"
 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
 O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
 O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" /s
 O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" /AutoRestore
 O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe"
 O4 - HKLM\..\Run: [TrustInstaller] F:\SETUP.EXE
 O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Policies\Explorer\Run: [NTSecurity] NTSecurity.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en​-US\local\search.html
 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - Trusted Zone: http://www.secuser.com
 O16 - DPF: {2C7B74DE-3A9E-4CD3-A8DB-47411​E9680A8} (VirginMega.DML.Interface) - http://alice.vm-wl.com/Telecha [...] nLight.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelpe​r.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co [...] oscan8.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF​33E833C} (WUWebControl Class) - http://www.update.microsoft.co [...] 2877152411
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA​91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co [...] 2889516078
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04​F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE5​9B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr [...] Helper.cab
 O20 - Winlogon Notify: tuvspmn - C:\WINDOWS\SYSTEM32\tuvspmn.dl​l
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefr​agService.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\v​smon.exe

 --
 End of file - 11007 bytes

merillym
Posted on 21/01/2008 at 15:59:25

Vundo / Virtumonde infection




 1) Show hidden files and folders …
 To do this, open a folder, e.g. "My Pictures".
 Then click > Tools > Folder Options ...
 click the "View" tab and ...
 check ---> Show hidden files and folders
 uncheck > Hide extensions for known file types
 uncheck > Hide protected operating system files (Recommended).
 "Apply" and "OK".

 2) Download VundoFix.exe (by Atribune) to your Desktop.

 http://www.atribune.org/ccount/click.php?id=4

 ·  Double-click VundoFix.exe to launch it
 ·  Click the Scan for Vundo button
 ·  When the scan is complete, click the Remove Vundo button
 ·  A prompt will ask whether you want to delete the files; click YES
 ·  After you click "Yes", the Desktop will disappear for a moment while the files are deleted
 ·  You will see a prompt announcing that your PC is going to restart; click OK
 ·  Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, in your next reply

 Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".


 3) Download VirtumundoBeGone to your desktop: http://secured2k.home.comcast. [...] BeGone.exe

 Then double-click VirtumundoBeGone.exe and follow the instructions displayed on screen.

 Once it has finished, restart your PC.

 PS: Don't worry if you see a blue "Fatal error" screen, that's normal.

 Post the report generated by VirtumundoBeGone ^^

 4) Download Combofix by sUBs:
 http://download.bleepingcomput [...] mboFix.exe
 Save it to your desktop and nowhere else!

 Help on using combofix here: http://bibou0007.forumpro.fr/t [...] x-t121.htm

 Restart in safe mode: help here >>>

 http://forum.telecharger.01net [...] ges-1.html

 Double-click combofix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
 Wait until combofix has finished; a report will be created. Post the report.

 5) Copy/paste a new HiJackThis report along with it.
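
The first HijackThis log in this thread pairs an O2 BHO entry that has no name with an O20 Winlogon Notify entry loading the same DLL from system32. The Python sketch below is an added example, not part of the original posts or of any tool named in the thread, showing how that correlation can be checked in a pasted log; the function names are assumptions and the sample lines are a constructed excerpt reusing entries from the posted log.

```python
import ntpath
import re

# Zero-width characters that forum software inserts into long tokens when a
# log is pasted; they must be stripped before CLSIDs and paths can be matched.
_ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))

# HijackThis v2 line formats for Browser Helper Objects and Winlogon Notify.
_BHO = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")

# Constructed sample: four lines in HijackThis format, taken from the entries
# of the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1254ABCA} - C:\WINDOWS\system32\tuvspmn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O20 - Winlogon Notify: tuvspmn - C:\WINDOWS\SYSTEM32\tuvspmn.dll
"""


def _norm(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return ntpath.normcase(path.strip())


def parse_entries(log_text):
    """Return (bhos, notify_paths) extracted from a HijackThis log."""
    bhos, notify_paths = [], set()
    for raw in log_text.translate(_ZERO_WIDTH).splitlines():
        line = raw.strip()
        match = _BHO.match(line)
        if match:
            bhos.append(match.groupdict())
            continue
        match = _NOTIFY.match(line)
        if match:
            notify_paths.add(_norm(match.group("path")))
    return bhos, notify_paths


def flag_nameless_bhos(log_text):
    """List BHOs registered without a name, with two corroborating signals:
    the DLL sits directly in system32, and the same DLL is also loaded
    through a Winlogon Notify key (a second persistence point)."""
    bhos, notify_paths = parse_entries(log_text)
    findings = []
    for bho in bhos:
        if bho["name"].strip() != "(no name)":
            continue
        dll = _norm(bho["path"])
        findings.append({
            "clsid": bho["clsid"].upper(),
            "dll": ntpath.basename(dll),
            "in_system32": ntpath.dirname(dll).endswith("\\system32"),
            "winlogon_notify": dll in notify_paths,
        })
    return findings


if __name__ == "__main__":
    for finding in flag_nameless_bhos(SAMPLE_LOG):
        print(finding)
```

A nameless BHO is only a lead for manual review; the Winlogon Notify match is what makes the entry worth escalating, and its absence in a later log does not by itself show the DLL is gone.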

rasorbak
Posted on 21/01/2008 at 19:58:41

 VundoFix V6.7.7

 Checking Java version...

 Java version is 1.5.0.6
 Old versions of java are exploitable and should be removed.

 Java version is 1.5.0.9
 Old versions of java are exploitable and should be removed.

 Scan started at 19:10:36 21/01/2008

 Listing files found while scanning....

 C:\WINDOWS\system32\tuvspmn.dl​l

 Beginning removal...

 Attempting to delete C:\WINDOWS\system32\tuvspmn.dl​l
 C:\WINDOWS\system32\tuvspmn.dl​l Could not be deleted.

 Performing Repairs to the registry.
 Done!

 Beginning removal...

 Attempting to delete C:\WINDOWS\system32\tuvspmn.dl​l
 C:\WINDOWS\system32\tuvspmn.dl​l Could not be deleted.

 Performing Repairs to the registry.
 Done!

 Beginning removal...

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19:34:53, on 21/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\SYSTEM32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\SYSTEM32\Ati2evxx.e​xe
 C:\WINDOWS\system32\ZoneLabs\v​smon.exe
 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\WINDOWS\System32\wbem\wmiap​srv.exe
 C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe
 C:\Program Files\ASUS\AI Gear\GearHelp.exe
 C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\Windows Defender\MSASCui.exe
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\MOM.EXE
 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
 C:\Program Files\Analog Devices\Core\smax4pnp.exe
 C:\Program Files\FarStone\VirtualDrive\VD​Task.exe
 C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe
 C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 C:\Program Files\DAP\DAP.EXE
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
 C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\ccc.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
 C:\Program Files\HijackThis\HijackThis.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.aliceadsl.fr/
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC​8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7​942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1​254ABCA} - C:\WINDOWS\system32\tuvspmn.dl​l
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198​F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
 O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetu​p.exe boot
 O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" clear
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
 O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe"
 O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe"
 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
 O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
 O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" /s
 O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" /AutoRestore
 O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe"
 O4 - HKLM\..\Run: [TrustInstaller] F:\SETUP.EXE
 O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Policies\Explorer\Run: [NTSecurity] NTSecurity.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en​-US\local\search.html
 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - Trusted Zone: http://www.secuser.com
 O16 - DPF: {2C7B74DE-3A9E-4CD3-A8DB-47411​E9680A8} (VirginMega.DML.Interface) - http://alice.vm-wl.com/Telecha [...] nLight.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelpe​r.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co [...] oscan8.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF​33E833C} (WUWebControl Class) - http://www.update.microsoft.co [...] 2877152411
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA​91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co [...] 2889516078
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04​F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE5​9B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr [...] Helper.cab
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefr​agService.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\v​smon.exe

 --
 End of file - 11084 bytes



 [01/21/2008, 19:36:38] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Bureau\VirtumundoBeGone.exe" )
 [01/21/2008, 19:36:46] - Detected System Information:
 [01/21/2008, 19:36:46] -  Windows Version: 5.1.2600, Service Pack 2
 [01/21/2008, 19:36:46] -  Current Username: Cédric (Admin)
 [01/21/2008, 19:36:46] -  Windows is in NORMAL mode.
 [01/21/2008, 19:36:46] - Searching for Browser Helper Objects:
 [01/21/2008, 19:36:46] -  BHO 1: {02478D38-C3F9-4EFB-9B51-7695E​CA05670} (Yahoo! Toolbar Helper)
 [01/21/2008, 19:36:46] -  BHO 2: {25CEE8EC-5730-41bc-8B58-22DDC​8AB8C20} (Winamp Toolbar BHO)
 [01/21/2008, 19:36:46] -  BHO 3: {53707962-6F74-2D53-2644-206D7​942484F} (Spybot-S&D IE Protection)
 [01/21/2008, 19:36:46] -  BHO 4: {5AAF23D8-4489-43D8-A064-319D1​254ABCA} ()
 [01/21/2008, 19:36:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
 [01/21/2008, 19:36:46] -  Checking for HKLM\...\Winlogon\Notify\tuvsp​mn
 [01/21/2008, 19:36:46] -  Key not found: HKLM\...\Winlogon\Notify\tuvsp​mn, continuing.
 [01/21/2008, 19:36:46] -  BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} (SSVHelper Class)
 [01/21/2008, 19:36:46] - Finished Searching Browser Helper Objects
 [01/21/2008, 19:36:46] - Finishing up...
 [01/21/2008, 19:36:46] - Nothing found! Exiting...


 ComboFix 08-01-20.1 - C‚dric 2008-01-21 19:47:42.1 - NTFSx86 MINIMAL
 Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.1772 [GMT 1:00]
 Running from: C:\Documents and Settings\C‚dric.CWIKLINS-BUTMY​1\Bureau\ComboFix.exe

 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .

 ((((((((((((((((((((((((((((((​((((((   Autres suppressions   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .

 C:\Documents and Settings\C‚dric\Application Data\DOBE~1
 C:\Documents and Settings\C‚dric\Application Data\inst.exe
 C:\Documents and Settings\Cédric\Application Data\DOBE~1\?dobe\
 C:\Program Files\Fichiers communs\{346C6~1
 C:\Program Files\Fichiers communs\{646C6~1
 C:\WINDOWS\system32\tuvspmn.dl​l

 .
 (((((((((((((((((((((((((((((   Fichiers créés 2007-12-21 to 2008-01-21  ))))))))))))))))))))))))))))))​))))))
 .

 2008-01-21 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
 2008-01-21 12:51 . 2006-11-10 10:47 18,704 -ra------ C:\WINDOWS\system32\drivers\se​2Bnd5.sys
 2008-01-21 12:50 . 2006-11-10 10:47 97,184 -ra------ C:\WINDOWS\system32\drivers\SE​2Bmdm.sys
 2008-01-21 12:50 . 2006-11-10 10:47 90,800 -ra------ C:\WINDOWS\system32\drivers\se​2Bunic.sys
 2008-01-21 12:50 . 2006-11-10 10:47 88,688 -ra------ C:\WINDOWS\system32\drivers\SE​2Bmgmt.sys
 2008-01-21 12:50 . 2006-11-10 10:47 86,560 -ra------ C:\WINDOWS\system32\drivers\SE​2Bobex.sys
 2008-01-21 12:50 . 2006-11-10 10:46 9,360 -ra------ C:\WINDOWS\system32\drivers\SE​2Bmdfl.sys
 2008-01-21 12:50 . 2006-11-10 10:46 6,240 -ra------ C:\WINDOWS\system32\drivers\SE​2Bcmnt.sys
 2008-01-21 12:50 . 2006-11-10 10:46 6,240 -ra------ C:\WINDOWS\system32\drivers\SE​2Bcm.sys
 2008-01-21 12:50 . 2006-11-10 10:46 4,128 -ra------ C:\WINDOWS\system32\drivers\se​2Bcr.sys
 2008-01-21 12:48 .  <REP>  C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Teleca
 2008-01-21 12:45 . 2006-11-10 10:46 61,600 -ra------ C:\WINDOWS\system32\drivers\SE​2Bbus.sys
 2008-01-21 12:45 . 2006-11-10 10:47 5,872 -ra------ C:\WINDOWS\system32\drivers\SE​2Bwhnt.sys
 2008-01-21 12:45 . 2006-11-10 10:47 5,872 -ra------ C:\WINDOWS\system32\drivers\SE​2Bwh.sys
 2008-01-21 12:38 . 2008-01-21 12:38 <REP> d-------- C:\Program Files\Sony Ericsson
 2008-01-21 12:38 . 2008-01-21 12:38 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
 2008-01-21 12:38 .  <REP>  C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Sony Ericsson
 2008-01-21 12:37 . 2008-01-21 12:38 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Teleca
 2008-01-21 12:37 . 2008-01-21 12:38 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony Ericsson
 2008-01-20 15:21 . 2008-01-21 19:44 999,456 --ahs---- C:\WINDOWS\system32\drivers\fi​dbox.dat
 2008-01-20 15:21 . 2008-01-21 19:44 14,876 --ahs---- C:\WINDOWS\system32\drivers\fi​dbox.idx
 2008-01-20 13:04 . 2008-01-20 13:04 <REP> d-------- C:\Program Files\AxBx
 2008-01-20 11:37 . 2008-01-20 11:37 35,146,061 --a------ C:\WINDOWS\VPTNFILE.951
 2008-01-20 11:37 . 2008-01-20 11:37 35,146,061 --a------ C:\WINDOWS\LPT$VPN.951
 2008-01-20 11:36 . 2008-01-20 11:37 <REP> d-------- C:\WINDOWS\AU_Temp
 2008-01-18 11:13 . 2008-01-18 11:13 <REP> d-------- C:\WINDOWS\system32\VirginMega
 2008-01-17 13:53 . 2008-01-17 13:56 <REP> d-------- C:\Program Files\DAP
 2008-01-17 13:53 . 2008-01-17 13:53 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
 2008-01-17 13:53 . 2008-01-17 13:53 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
 2008-01-17 13:53 . 2008-01-17 13:53 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dl​l
 2008-01-16 23:17 . 2008-01-17 09:59 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
 2008-01-16 23:17 . 2008-01-16 23:17 306,432 --a------ C:\WINDOWS\system32\TuneUpDefr​agService.exe
 2008-01-16 22:17 .  <REP>  C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\dvdcss
 2008-01-16 14:05 . 2008-01-16 14:05 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
 2008-01-16 14:01 . 2008-01-16 14:01 <REP> d-------- C:\Program Files\Valusoft
 2008-01-14 14:46 . 2008-01-14 14:46 <REP> d-------- C:\Program Files\Trust
 2008-01-14 14:46 . 2000-05-10 06:29 6,205 --a------ C:\WINDOWS\system32\LWBHMVXD.V​XD
 2008-01-09 10:40 . 2008-01-09 10:41 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\farstone
 2008-01-09 10:39 .  <REP>  C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\FarStone
 2008-01-09 10:36 . 2006-11-10 12:43 37,120 --a------ C:\WINDOWS\system32\drivers\fs​RamDsk.sys
 2008-01-09 10:35 . 2006-11-30 16:33 81,920 --a------ C:\WINDOWS\VPlay801.exe
 2008-01-09 10:35 . 2006-12-05 12:24 81,048 --a------ C:\WINDOWS\system32\drivers\fv​xscsi.sys
 2008-01-09 10:35 . 2006-11-10 14:55 17,840 --a------ C:\WINDOWS\system32\drivers\fc​dabus.sys
 2008-01-09 10:35 . 2006-08-08 10:03 14,496 --a------ C:\WINDOWS\system32\VDI08X.dat
 2008-01-09 10:35 . 2006-08-08 10:03 2,238 --a------ C:\WINDOWS\Driver.ico
 2008-01-09 10:34 . 2008-01-09 10:34 <REP> d-------- C:\Program Files\FarStone
 2008-01-09 10:30 . 2008-01-09 10:30 126,976 --a------ C:\WINDOWS\system32\DVC.dll
 2008-01-09 10:30 . 2006-11-10 15:23 102,400 --------- C:\WINDOWS\system32\RDrv2KInte​rface.dll
 2008-01-09 10:30 . 2008-01-09 10:30 86,016 --a------ C:\WINDOWS\system32\Dversion.d​ll
 2008-01-09 10:30 . 2004-01-13 05:51 53,248 --------- C:\WINDOWS\system32\RDrvNTInte​rface.dll
 2008-01-09 10:30 . 2006-11-15 10:43 36,864 --------- C:\WINDOWS\system32\unVHDDrvEx​e.exe
 2008-01-09 10:30 . 2006-09-19 06:20 36,864 --------- C:\WINDOWS\system32\inVHDDrvEx​e.exe
 2008-01-09 10:30 . 2004-07-17 09:33 32,768 --------- C:\WINDOWS\system32\RDrv9xInte​rface.dll
 2008-01-09 10:30 . 2006-11-01 10:34 28,672 --------- C:\WINDOWS\system32\RDrvInterf​ace.dll
 2008-01-09 09:18 .  <REP>  C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\LimeWire
 2008-01-06 13:07 . 2008-01-06 13:51 15,183 --a------ C:\FRAGLIST.HTM
 2008-01-06 02:03 . 2008-01-06 02:03 681 --a------ C:\WINDOWS\mozver.dat
 2008-01-05 12:58 .  <REP>  C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\U3
 2007-12-31 13:10 . 2007-12-31 13:10 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
 2007-12-31 13:10 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.d​ll
 2007-12-23 02:06 . 2007-12-23 02:06 <REP> d----c--- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
 2007-12-23 02:01 . 2007-12-23 02:05 <REP> d-------- C:\Program Files\SlySoft
 2007-12-22 19:07 . 2007-12-23 02:06 96 ---hs---- C:\WINDOWS\SEE9D3159.tmp
 2007-12-22 19:06 . 2007-12-22 19:06 <REP> d-------- C:\Program Files\Elaborate Bytes
 2007-12-22 13:15 . 2008-01-20 13:41 <REP> d-------- C:\Nostale(FR)

 .
 ((((((((((((((((((((((((((((((​((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))​))))))))))))))))))
 .
 2008-01-21 18:41 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
 2008-01-21 18:27 1,435,136 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
 2008-01-21 18:13 --------- dc----w C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\uTorrent
 2008-01-21 18:04 --------- d-----w C:\Program Files\UI Central
 2008-01-21 12:47 --------- dc----w C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\OpenOffice.org2
 2008-01-21 11:39 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
 2008-01-20 14:32 --------- d-----w C:\Program Files\Goto Software
 2008-01-20 12:01 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\VadeRetro
 2008-01-20 10:37 86,094 ----a-w C:\WINDOWS\BPMNT.dll
 2008-01-20 10:37 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
 2008-01-20 10:37 267,845 ----a-w C:\WINDOWS\tsc.exe
 2008-01-20 10:37 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
 2008-01-19 22:52 39,936 ----a-w C:\WINDOWS\system32\NTSpool.ex​e
 2008-01-18 16:57 --------- dc----w C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\AdobeUM
 2008-01-18 07:12 --------- d-----w C:\Program Files\Winamp
 2008-01-17 10:22 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
 2008-01-17 09:41 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
 2008-01-17 09:39 12,632 ----a-w C:\WINDOWS\system32\lsdelete.e​xe
 2008-01-16 22:18 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
 2008-01-11 21:51 --------- dc----w C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Adobe
 2008-01-09 09:59 --------- d-----w C:\Program Files\World of Warcraft
 2008-01-04 11:59 --------- d-----w C:\Program Files\DivX
 2008-01-04 10:17 --------- d-----w C:\Program Files\wgm
 2007-12-29 13:45 --------- dc----w C:\Documents and Settings\Cédric\Application Data\uTorrent
 2007-12-29 13:45 --------- d-----w C:\Program Files\uTorrent
 2007-12-17 12:55 --------- d-----w C:\Program Files\IKEA HomePlanner
 2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
 2007-12-13 18:27 54,672 ----a-w C:\WINDOWS\system32\vsutil_loc​040c.dll
 2007-12-13 18:27 42,384 ----a-w C:\WINDOWS\zllsputility_loc040​c.dll
 2007-12-13 18:27 21,904 ----a-w C:\WINDOWS\system32\imsinstall​_loc040c.dll
 2007-12-13 18:27 17,808 ----a-w C:\WINDOWS\system32\imslsp_ins​tall_loc040c.dll
 2007-12-13 18:27 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dl​l
 2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
 2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.d​ll
 2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dl​l
 2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dl​l
 2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.​dll
 2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.​dll
 2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
 2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.​dll
 2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
 2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.d​ll
 2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
 2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.d​ll
 2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
 2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
 2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
 2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
 2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecV​ersionChecker.exe
 2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExt​Type.dll
 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\as​wmon.sys
 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\as​wmon2.sys
 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\as​wRdr.sys
 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\as​wTdi.sys
 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aa​vmker4.sys
 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.ex​e
 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.sc​r
 2007-11-30 15:23 97,216 ----a-w C:\WINDOWS\system32\drivers\An​yDVD.sys
 2007-11-23 17:48 --------- d-----w C:\Program Files\WowCartographe
 2007-11-21 15:25 --------- d-----w C:\Program Files\Analog Devices
 2007-11-18 01:03 112,959 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_17_21_1​6_48_small.dmp.zip
 2007-11-08 13:06 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
 2007-11-08 13:06 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
 2007-11-08 13:06 286,720 ----a-w C:\WINDOWS\PATCH.EXE
 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
 2007-11-05 06:41 113,572 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_04_12_4​5_32_small.dmp.zip
 2007-11-04 05:22 110,274 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_11_03_20_3​4_40_small.dmp.zip
 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
 2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
 2007-10-24 14:55 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
 2007-10-22 17:49 64,980 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_22_1​9_46_04_small.dmp.zip
 2007-10-22 17:49 62,076 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_22_1​9_46_01_small.dmp.zip
 2007-10-20 11:23 65 ----a-w C:\Program Files\Fichiers communs\appop.log
 2007-10-07 14:42 4,512 -c--a-w C:\Documents and Settings\Cédric\Application Data\wklnhst.dat
 2007-06-10 07:56 47,360 -c--a-w C:\Documents and Settings\Cédric\Application Data\pcouffin.sys
 2007-06-10 07:50 87,608 -c--a-w C:\Documents and Settings\Cédric\Application Data\ezpinst.exe
 .

 ((((((((((((((((((((((((((((((​(((   Point de chargement Reg   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .
 .
 REGEDIT4
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
 2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Toolbar]
 {EF99BD32-C1FB-11D2-892F-00902​71D4F88}
 {EBF2BA02-9094-4C5A-858B-BB198​F3D8DE2}

 [HKEY_CLASSES_ROOT\clsid\{ebf2b​a02-9094-4c5a-858b-bb198f3d8de​2}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand.1]
 [HKEY_CLASSES_ROOT\TypeLib\{538​CD77C-BFDD-49b0-9562-77419CAB8​9D1}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand]

 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\WebBrowser]
 "{EBF2BA02-9094-4C5A-858B-BB19​8F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

 [HKEY_CLASSES_ROOT\clsid\{ebf2b​a02-9094-4c5a-858b-bb198f3d8de​2}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand.1]
 [HKEY_CLASSES_ROOT\TypeLib\{538​CD77C-BFDD-49b0-9562-77419CAB8​9D1}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand]

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "CTFMON.EXE"="C:\WINDOWS\syste​m32\ctfmon.exe" [2004-08-20 00:09 15360]
 "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
 "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e" [2007-12-23 00:46 1637312]
 "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2007-12-21 15:39 197888]
 "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE​.exe" [2006-10-30 13:44 36864]
 "36X Raid Configurer"="C:\WINDOWS\System​32\JMRaidSetup.exe" [2006-11-16 10:05 1953792]
 "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" [2007-01-22 16:22 81920]
 "avast!"="C:\PROGRA~1\ALWILS~1​\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_03\bin\jus​ched.exe" [2007-09-25 00:11 132496]
 "Ai Gear Help"="C:\Program Files\ASUS\AI Gear\GearHelp.exe" [2006-07-27 19:39 415744]
 "WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe" [2005-01-21 01:47 270336]
 "EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\s​pool\DRIVERS\W32X86\3\E_FATI9H​E.exe" [2004-05-20 04:00 98304]
 "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe" [2006-11-10 11:35 90112]
 "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
 "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
 "NeroFilterCheck"="C:\WINDOWS\​system32\NeroCheck.exe" [2006-01-12 14:40 155648]
 "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
 "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34 868352]
 "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" [2006-09-28 20:21 57344]
 "VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" [2006-12-07 15:35 155648]
 "RAMDrive"="C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe" [2006-12-04 15:51 135168]
 "TrustInstaller"="F:\SETUP.EXE​" [ ]
 "LWBMOUSE"="C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe" [2001-04-20 12:42 429568]
 "DownloadAccelerator"="C:\Prog​ram Files\DAP\DAP.exe" [2008-01-17 13:53 4576768]
 "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
 "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06 741376]
 "MSConfig"="C:\WINDOWS\PCHealt​h\HelpCtr\Binaries\MSConfig.ex​e" [2004-08-20 00:09 160768]

 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Run]
 "CTFMON.EXE"="C:\WINDOWS\Syste​m32\CTFMON.EXE" [2004-08-20 00:09 15360]
 "DWQueuedReporting"="C:\PROGRA​~1\FICHIE~1\MICROS~1\DW\dwtrig​20.exe" [2007-03-13 15:38 39264]

 C:\Documents and Settings\Cédric\Menu Démarrer\Programmes\Démarrage\
 OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​policies\explorer\run]
 "NTSecurity"= NTSecurity.exe

 R0 ivicd;Ivi CDVD Filter Driver;C:\WINDOWS\system32\dri​vers\ivicd.sys [2005-01-12 05:29]
 S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svch​ost.exe [2004-08-20 00:10]
 S3 iviudf;iviudf;C:\WINDOWS\syste​m32\drivers\IviUdf.sys [2005-06-23 01:09]
 S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\Tu​neUpDefragService.exe [2008-01-16 23:17]
 S3 wlags51b;Wireless LAN USB Driver;C:\WINDOWS\system32\DRI​VERS\wlags51b.sys [2002-04-30 10:34]

 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
 UxTuneUp

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{9b5e3dd​d-bb5b-11dc-8399-0010c626b8c0}​]
 \Shell\AutoRun\command - I:\LaunchU3.exe

 .
 Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
 "2008-01-16 22:18:03 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
 - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
 "2008-01-21 18:48:37 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
 - C:\Program Files\Windows Defender\MpCmdRun.exe
 .
 ******************************​******************************​**************

 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-01-21 19:49:56
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 ******************************​******************************​**************
 .
 Completion time: 2008-01-21 19:50:24
 ComboFix-quarantined-files.txt  2008-01-21 18:50:11
 .
 2008-01-11 03:22:19 --- E O F ---  


 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 19:51:44, on 21/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 Boot mode: Safe mode

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\SYSTEM32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\system32\svchost.ex​e
 C:\WINDOWS\explorer.exe
 C:\Program Files\HijackThis\HijackThis.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.aliceadsl.fr/
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC​8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7​942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198​F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
 O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetu​p.exe boot
 O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" clear
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\as​hDisp.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
 O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe"
 O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe"
 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
 O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
 O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" /s
 O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" /AutoRestore
 O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe"
 O4 - HKLM\..\Run: [TrustInstaller] F:\SETUP.EXE
 O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Bi​naries\MSConfig.exe /auto
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Policies\Explorer\Run: [NTSecurity] NTSecurity.exe
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en​-US\local\search.html
 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - Trusted Zone: http://www.secuser.com
 O16 - DPF: {2C7B74DE-3A9E-4CD3-A8DB-47411​E9680A8} (VirginMega.DML.Interface) - http://alice.vm-wl.com/Telecha [...] nLight.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelpe​r.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co [...] oscan8.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF​33E833C} (WUWebControl Class) - http://www.update.microsoft.co [...] 2877152411
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA​91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co [...] 2889516078
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04​F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE5​9B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr [...] Helper.cab
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefr​agService.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\v​smon.exe

 --
 End of file - 9133 bytes

merillym
Posted on 21/01/2008 at 20:05:41
 
Avast! is far from the best there is when it comes to protection; see this link for more information: http://forum.malekal.com/ftopic3123.php

 Clearly, Antivir is much more effective and responsive; it recognises more than 1,000,000 pieces of malware.
 It has nothing to envy the big names of the genre (Kaspersky, NOD32...).
 That is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir in its place: http://www.malekal.com/tutorial_antivir.php
 - After installation, update it; if your firewall raises an alert, accept the connection.
 - Make sure Antivir really is up to date; check the update date.

 - Restart in safe mode: to do so, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear, choose Safe Mode and press the Enter key on the keyboard.

 - Open Antivir from the Start / Programs menu.
 - Click the Scanner tab.
 - Select Manual Selection.
 - Select all the drives.
 - Start the scan and quarantine all detected items.
 - Once the scan has finished, save the report.

 Restart in normal mode.

 Post the report here.

rasorbak
Posted on 22/01/2008 at 10:26:41
 


 AntiVir PersonalEdition Classic
 Report file date: mardi 22 janvier 2008  09:06

 Scanning for 1060579 virus strains and unwanted programs.

 Licensed to:      Avira AntiVir PersonalEdition Classic
 Serial number:    0000149996-ADJIE-0001
 Platform:         Windows XP
 Windows version:  (Service Pack 2)  [5.1.2600]
 Username:         Cédric
 Computer name:    CWIKLINS-BUTMY1

 Version information:
 BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
 AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
 AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
 LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
 LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
 ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
 ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  14/12/2007 00:15:44
 ANTIVIR2.VDF : 7.0.2.0      948736 Bytes  15/01/2008 00:15:44
 ANTIVIR3.VDF : 7.0.2.25     271360 Bytes  21/01/2008 00:15:44
 AVEWIN32.DLL : 7.6.0.48    3080704 Bytes  22/01/2008 00:15:45
 AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
 AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
 AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
 AVPACK32.DLL : 7.6.0.3      360488 Bytes  22/01/2008 00:15:45
 AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
 AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
 AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
 NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
 RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
 RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
 SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

 Configuration settings for the scan:
 Jobname.......................​...: Manual Selection
 Configuration file...............: C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
 Logging.......................​...: low
 Primary action...................: interactive
 Secondary action.................: ignore
 Scan master boot sector..........: off
 Scan boot sector.................: on
 Boot sectors.....................: M:,
 Scan memory......................: on
 Process scan.....................: on
 Scan registry....................: on
 Search for rootkits..............: off
 Scan all files...................: Intelligent file selection
 Scan archives....................: on
 Recursion depth..................: 20
 Smart extensions.................: on
 Macro heuristic..................: on
 File heuristic...................: medium

 Start of the scan: mardi 22 janvier 2008  09:06

 The scan of running processes will be started
 Scan process 'avscan.exe' - '1' Module(s) have been scanned
 Scan process 'avcenter.exe' - '1' Module(s) have been scanned
 Scan process 'explorer.exe' - '1' Module(s) have been scanned
 Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'aawservice.exe' - '1' Module(s) have been scanned
 Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'lsass.exe' - '1' Module(s) have been scanned
 Scan process 'services.exe' - '1' Module(s) have been scanned
 Scan process 'winlogon.exe' - '1' Module(s) have been scanned
 Scan process 'csrss.exe' - '1' Module(s) have been scanned
 Scan process 'smss.exe' - '1' Module(s) have been scanned
 14 processes with 14 modules were scanned

 Start scanning boot sectors:
 Boot sector 'A:\'
     [NOTE]      In the drive 'A:\' no data medium is inserted!
 Boot sector 'C:\'
     [NOTE]      No virus was found!
 Boot sector 'D:\'
     [NOTE]      No virus was found!
 Boot sector 'E:\'
     [NOTE]      No virus was found!
 Boot sector 'G:\'
     [NOTE]      No virus was found!
 Boot sector 'I:\'
     [NOTE]      In the drive 'I:\' no data medium is inserted!
 Boot sector 'J:\'
     [NOTE]      In the drive 'J:\' no data medium is inserted!
 Boot sector 'K:\'
     [NOTE]      In the drive 'K:\' no data medium is inserted!
 Boot sector 'L:\'
     [NOTE]      In the drive 'L:\' no data medium is inserted!
 Boot sector 'M:\'
     [NOTE]      In the drive 'M:\' no data medium is inserted!

 Starting to scan the registry.
 The registry was scanned ( '40' files ).


 Starting the file scan:

 Begin scan in 'A:\'
 Search path A:\ could not be opened!
 Le périphérique n'est pas prêt.

 Begin scan in 'C:\' <BOOT>
 C:\pagefile.sys
     [WARNING]   The file could not be opened!
 C:\SmitfraudFix\SmiUpdate.exe
     [DETECTION] Is the Trojan horse TR/VB.20480
     [INFO]      The file was moved to '47fea82d.qua'!
 Begin scan in 'D:\' <BACKUP>
 Begin scan in 'E:\' <RECOVER>
 Begin scan in 'F:\'
 Search path F:\ could not be opened!
 Le périphérique n'est pas prêt.

 Begin scan in 'G:\' <Divers>
 G:\WINDOWS\$NtUninstallKB826939$\itss.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\locator.exe
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\magnify.exe
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\migwiz.exe
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\msconv97.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\narrator.exe
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\newdev.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\ntdll.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\osk.exe
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\pchshell.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\raspptp.sys
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\shell32.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\shmedia.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\srrstr.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\srv.sys
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\user32.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\win32k.sys
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\winsrv.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826942$\ndis.sys
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826942$\netshell.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828741$\colbact.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
     [WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\comrepl.exe

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\comsvcs.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\comuid.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\es.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\migregdb.exe

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\msdtcprx.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\msdtctm.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\msdtcuiu.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\mtxclu.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\mtxoci.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\ole32.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\rpcrt4.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\rpcss.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB82874​1$\txflog.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83399​8$\shell32.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83399​8$\sxs.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\callcont.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\gdi32.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\h323msp.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\helpctr.exe

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\ipnathlp.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\lsasrv.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\mf3216.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\msasn1.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\msgina.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\mst120.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\netapi32.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\nmcom.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\rtcdll.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83573​2$\schannel.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83964​5$\fldrclnr.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83964​5$\shell32.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83964​5$\sxs.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallKB83964​5$\xpsp2res.dll

[WARNING]   The file could not be opened!
 G:\WINDOWS\$NtUninstallQ828026​$\wmp.dll

[WARNING]   The file could not be opened!
 Begin scan in 'I:\'
 Search path I:\ could not be opened!
 Le périphérique n'est pas prêt.

 Begin scan in 'J:\'
 Search path J:\ could not be opened!
 Le périphérique n'est pas prêt.

 Begin scan in 'K:\'
 Search path K:\ could not be opened!
 Le périphérique n'est pas prêt.

 Begin scan in 'L:\'
 Search path L:\ could not be opened!
 Le périphérique n'est pas prêt.

 Begin scan in 'M:\'
 Search path M:\ could not be opened!
 Le périphérique n'est pas prêt.



 End of the scan: mardi 22 janvier 2008  09:37
 Used time: 31:29 min

 The scan has been done completely.

  11095 Scanning directories
 356966 Files were scanned

1 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

73 Files cannot be scanned
 356965 Files not concerned

3558 Archives were scanned

73 Warnings

52 Notes

merillym
Regular (5,000 to 9,999 posts)
Posted on 22/01/2008 at 16:51:24
 
Download to your desktop: http://www.malekal.com/download/clean.zip

 Help for clean: http://mickael.barroux.free.fr/securite/clean.php

 Once it is on the desktop, right-click your clean.zip file and, in the drop-down menu, click "extract all" or "extract here".
 This will create a clean folder.
 Double-click this clean folder; you will find several files inside.
 Double-click clean. This will open a black window.
 A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
 Clean will do its work.
 A report will be generated; paste its entire contents here (if you cannot find the report, it is here: C:\rapport_clean.txt)

rasorbak
Baby forum member (10 to 49 posts)
Posted on 22/01/2008 at 20:44:21
 
22/01/2008 a 20:43:12,37
 
 *** Recherche des fichiers dans C:
 
 *** Recherche des fichiers dans C:\WINDOWS\
 
 *** Recherche des fichiers dans C:\WINDOWS\system32
 C:\WINDOWS\system32\bdod.bin FOUND

merillym
Regular (5,000 to 9,999 posts)
Posted on 22/01/2008 at 21:16:39
 
1)
 Restart your PC in safe mode:
 Help:   http://forum.telecharger.01net [...] ges-1.html

 Help for clean: http://mickael.barroux.free.fr/securite/clean.php

 Double-click clean. This will open a black window.
 A menu will appear; choose option 2 by pressing the 2 key on your keyboard.
 Clean will do its work.
 A report will be generated; send it to me in your next reply!

 If you get a file C:\upload_moi.zip, please do this:
 http://www.malekal.com/tuto_upload_fichiers.php

 2) Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
 Run it and let the scan complete.

 Post the report or reports here.

 ;)

rasorbak
Baby forum member (10 to 49 posts)
Posted on 22/01/2008 at 23:22:42
 
Script execute en mode sans echec
 Rapport clean par Malekal_morte - http://www.malekal.com
 Script execute en mode sans echec 22/01/2008 a 23:13:47,28

 Microsoft Windows XP [version 5.1.2600]
 
 *** Suppression des fichiers dans C:
 
 *** Suppression des fichiers dans C:\WINDOWS\
 
 *** Suppression des fichiers dans C:\WINDOWS\system32
 tentative de suppression de C:\WINDOWS\system32\bdod.bin


 Deckard's System Scanner v20071014.68
 Run by Cédric on 2008-01-22 23:18:42
 Computer is in Normal Mode.
 ------------------------------​------------------------------​--------------------

 -- System Restore ------------------------------​------------------------------​--

 Successfully created a Deckard's System Scanner Restore Point.


 -- Last 3 Restore Point(s) --
 3: 2008-01-22 22:18:46 UTC - RP3 - Deckard's System Scanner Restore Point
 2: 2008-01-22 00:12:56 UTC - RP2 - AntiVir PersonalEdition Classic - 22/01/2008 01:12
 1: 2007-01-21 18:54:05 UTC - RP1 - Point de vérification système


 Backed up registry hives.
 Performed disk cleanup.



 -- HijackThis (run as Cédric.exe) ------------------------------​----------------

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 23:19:32, on 22/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\ZoneLabs\v​smon.exe
 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe
 C:\Program Files\ASUS\AI Gear\GearHelp.exe
 C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\Windows Defender\MSASCui.exe
 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
 C:\Program Files\Analog Devices\Core\smax4pnp.exe
 C:\Program Files\FarStone\VirtualDrive\VD​Task.exe
 C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\MOM.EXE
 C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\FarStone\VirtualDrive\Ch​eckVersion.exe
 C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
 C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\ccc.exe
 C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
 C:\WINDOWS\system32\wuauclt.ex​e
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Bureau\dss.exe
 C:\WINDOWS\system32\wuauclt.ex​e
 C:\PROGRA~1\HIJACK~1\Cédric.ex​e

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.aliceadsl.fr/
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC​8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7​942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198​F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
 O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetu​p.exe boot
 O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" clear
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
 O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe"
 O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe"
 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
 O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
 O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" /s
 O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" /AutoRestore
 O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe"
 O4 - HKLM\..\Run: [TrustInstaller] F:\SETUP.EXE
 O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en​-US\local\search.html
 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - Trusted Zone: http://www.secuser.com
 O16 - DPF: {2C7B74DE-3A9E-4CD3-A8DB-47411​E9680A8} (VirginMega.DML.Interface) - http://alice.vm-wl.com/Telecha [...] nLight.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelpe​r.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co [...] oscan8.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF​33E833C} (WUWebControl Class) - http://www.update.microsoft.co [...] 2877152411
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA​91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co [...] 2889516078
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04​F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE5​9B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr [...] Helper.cab
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefr​agService.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\v​smon.exe

 --
 End of file - 10763 bytes

 -- File Associations ------------------------------​-----------------------------

 All associations okay.


 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 R0 ivicd (Ivi CDVD Filter Driver) - c:\windows\system32\drivers\iv​icd.sys <Not Verified; InterVideo; InterVideo C/DVD Filter Driver>
 R3 fsRamDsk (RamDisk Drive Service) - c:\windows\system32\drivers\fs​ramdsk.sys
 R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iv​iaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
 R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
 R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pf​c.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

 S3 Ad-Watch Connect Filter (Ad-Watch Connect Kernel Filter) - c:\windows\system32\drivers\ns​driver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
 S3 AMDPCI - c:\docume~1\cdric~1.cwi\locals​~1\temp\safe to delete 3_0_5_2\amdpci.sys (file missing)
 S3 BDFsDrv - c:\program files\softwin\bitdefender10\bd​fsdrv.sys (file missing)
 S3 BDRsDrv - c:\program files\softwin\bitdefender10\bd​rsdrv.sys (file missing)
 S3 iviudf - c:\windows\system32\drivers\iv​iudf.sys <Not Verified; InterVideo; UDF File System Driver>
 S3 Profos - c:\program files\softwin\bitdefender10\pr​ofos.sys (file missing)
 S3 Trufos - c:\program files\softwin\bitdefender10\tr​ufos.sys (file missing)


 -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
 R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice​.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>


 -- Device Manager: Disabled ------------------------------​----------------------

 Class GUID: {4D36E972-E325-11CE-BFC1-08002​BE10318}
 Description: NVIDIA nForce Networking Controller
 Device ID: {1A3E09BE-1E45-494B-9174-D7385​B45BBF5}\NVNET_DEV0373\4&39414​771&0&00
 Manufacturer: NVIDIA
 Name: NVIDIA nForce Networking Controller
 PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385​B45BBF5}\NVNET_DEV0373\4&39414​771&0&00
 Service: NVENETFD

 Class GUID: {4D36E972-E325-11CE-BFC1-08002​BE10318}
 Description: NVIDIA nForce Networking Controller
 Device ID: {1A3E09BE-1E45-494B-9174-D7385​B45BBF5}\NVNET_DEV0373\4&20F17​3B0&0&00
 Manufacturer: NVIDIA
 Name: NVIDIA nForce Networking Controller #2
 PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385​B45BBF5}\NVNET_DEV0373\4&20F17​3B0&0&00
 Service: NVENETFD


 -- Scheduled Tasks ------------------------------​------------------------------​-

 2008-01-22 23:17:14       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
 2008-01-16 23:18:03       396 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job


 -- Files created between 2007-12-22 and 2008-01-22 -----------------------------

 2008-01-22 19:57:07         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Turbine
 2008-01-22 19:27:11         0 d-------- C:\Program Files\Turbine
 2008-01-22 14:40:38         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\GetRightToGo
 2008-01-22 01:13:58         0 d-------- C:\Program Files\Avira
 2008-01-22 01:13:58         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
 2008-01-21 12:48:39         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Teleca
 2008-01-21 12:38:42         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Sony Ericsson
 2008-01-21 12:38:24         0 d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
 2008-01-21 12:38:21         0 d-------- C:\Program Files\Sony Ericsson
 2008-01-21 12:37:28         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Teleca
 2008-01-21 12:37:28         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony Ericsson
 2008-01-20 15:21:04  10399776 --ahs---- C:\WINDOWS\system32\drivers\fi​dbox.dat
 2008-01-20 15:16:30         0 d-------- C:\WINDOWS\system32\ZoneLabs
 2008-01-20 13:04:30         0 d-------- C:\Program Files\AxBx
 2008-01-20 12:05:53         0 dr-h---c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Recent
 2008-01-20 11:36:38         0 d-------- C:\WINDOWS\AU_Temp
 2008-01-18 17:59:40         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
 2008-01-18 11:13:01         0 d-------- C:\WINDOWS\system32\VirginMega
 2008-01-17 13:53:40     50688 --a------ C:\WINDOWS\system32\wbhelp2.dl​l <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
 2008-01-17 13:53:40         0 d-------- C:\Program Files\DAP
 2008-01-16 23:17:24         0 d-------- C:\Program Files\TuneUp Utilities 2008
 2008-01-16 22:17:22         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\dvdcss
 2008-01-16 14:05:04         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
 2008-01-16 14:01:34         0 d-------- C:\Program Files\Valusoft
 2008-01-14 14:46:06         0 d-------- C:\Program Files\Trust
 2008-01-09 10:40:02         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\farstone
 2008-01-09 10:39:13         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\FarStone
 2008-01-09 10:36:29     37120 --a------ C:\WINDOWS\system32\drivers\fs​RamDsk.sys
 2008-01-09 10:35:10     81920 --a------ C:\WINDOWS\VPlay801.exe <Not Verified; Far Stone Technology Inc.; CDPLAY Application>
 2008-01-09 10:35:10     14496 --a------ C:\WINDOWS\system32\VDI08X.dat
 2008-01-09 10:34:54         0 d-------- C:\Program Files\FarStone
 2008-01-09 10:30:22     36864 -----n--- C:\WINDOWS\system32\unVHDDrvEx​e.exe
 2008-01-09 10:30:22     53248 -----n--- C:\WINDOWS\system32\RDrvNTInte​rface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
 2008-01-09 10:30:22     28672 -----n--- C:\WINDOWS\system32\RDrvInterf​ace.dll <Not Verified; ; RDrvInterface Dynamic Link Library>
 2008-01-09 10:30:22     32768 -----n--- C:\WINDOWS\system32\RDrv9xInte​rface.dll <Not Verified; ; RDrv9XInterface Dynamic Link Library>
 2008-01-09 10:30:22    102400 -----n--- C:\WINDOWS\system32\RDrv2KInte​rface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
 2008-01-09 10:30:22     36864 -----n--- C:\WINDOWS\system32\inVHDDrvEx​e.exe
 2008-01-09 10:30:22     86016 --a------ C:\WINDOWS\system32\Dversion.d​ll <Not Verified; FarStone; Farstone Dversion>
 2008-01-09 10:30:22    126976 --a------ C:\WINDOWS\system32\DVC.dll <Not Verified; Farstone; Farstone DVC>
 2008-01-09 09:18:46         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\LimeWire
 2008-01-06 02:03:13       681 --a------ C:\WINDOWS\mozver.dat
 2008-01-05 12:58:55         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\U3
 2007-12-31 13:10:13         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
 2007-12-23 02:06:16         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
 2007-12-23 02:01:15         0 d-------- C:\Program Files\SlySoft
 2007-12-22 19:06:07         0 d-------- C:\Program Files\Elaborate Bytes
 2007-12-22 13:15:16         0 d-------- C:\Nostale(FR)


 -- Find3M Report ------------------------------​------------------------------​---

 2008-01-22 23:05:09      1724 --a----c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\QuickZip45.ini
 2008-01-22 13:06:32         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\uTorrent
 2008-01-22 10:34:44         0 d-------- C:\Program Files\UI Central
 2008-01-21 19:57:59    468072 --a------ C:\WINDOWS\system32\perfh00C.d​at
 2008-01-21 19:57:59     75266 --a------ C:\WINDOWS\system32\perfc00C.d​at
 2008-01-21 19:49:48         0 d-------- C:\Program Files\Fichiers communs
 2008-01-21 13:47:12         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\OpenOffice.org2
 2008-01-21 12:39:46         0 d-------- C:\Program Files\Fichiers communs\Teleca Shared
 2008-01-20 15:32:13         0 d-------- C:\Program Files\Goto Software
 2008-01-20 15:19:28      4212 ---h----- C:\WINDOWS\system32\zllictbl.d​at
 2008-01-20 11:37:18   1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>
 2008-01-20 11:37:18    267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>
 2008-01-20 11:37:18     71749 --a------ C:\WINDOWS\hcextoutput.dll
 2008-01-20 11:37:17     86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>
 2008-01-19 23:52:35     39936 --a------ C:\WINDOWS\system32\NTSpool.ex​e
 2008-01-18 17:57:51         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\AdobeUM
 2008-01-18 08:12:57         0 d-------- C:\Program Files\Winamp
 2008-01-16 23:18:40         0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
 2008-01-11 22:51:43         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Adobe
 2008-01-09 10:59:33         0 d-------- C:\Program Files\World of Warcraft
 2008-01-04 12:59:02         0 d-------- C:\Program Files\DivX
 2008-01-04 11:17:48         0 d-------- C:\Program Files\wgm
 2007-12-29 14:45:28         0 d-------- C:\Program Files\uTorrent
 2007-12-17 13:55:25         0 d-------- C:\Program Files\IKEA HomePlanner
 2007-12-11 20:46:02   3596288 --a------ C:\WINDOWS\system32\qt-dx331.d​ll
 2007-12-11 20:44:28    196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
 2007-12-11 20:44:28     81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
 2007-12-11 20:44:18    802816 --a------ C:\WINDOWS\system32\divx_xx11.​dll <Not Verified; DivX, Inc.; DivX?>
 2007-12-11 20:44:18    823296 --a------ C:\WINDOWS\system32\divx_xx0c.​dll <Not Verified; DivX, Inc.; DivX®>
 2007-12-11 20:44:18    823296 --a------ C:\WINDOWS\system32\divx_xx07.​dll <Not Verified; DivX, Inc.; DivX®>
 2007-12-11 20:44:18    682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
 2007-12-11 20:43:44     12288 --a------ C:\WINDOWS\system32\DivXWMPExt​Type.dll
 2007-11-23 18:48:00         0 d-------- C:\Program Files\WowCartographe
 2007-11-08 14:06:58    507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
 2007-11-08 14:06:57     69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
 2007-11-08 14:06:57    286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
 2007-10-25 10:26:48     53248 --a------ C:\WINDOWS\bdoscandel.exe


 -- Registry Dump ------------------------------​------------------------------​---

 *Note* empty entries & legit default entries are not shown


 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
 04/10/2007 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\WebBrowser]
 "{EBF2BA02-9094-4C5A-858B-BB19​8F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 21:06 1135968]

 [-HKEY_CLASSES_ROOT\CLSID\{EBF2​BA02-9094-4C5A-858B-BB198F3D8D​E2}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand.1]
 [HKEY_CLASSES_ROOT\TypeLib\{538​CD77C-BFDD-49b0-9562-77419CAB8​9D1}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE​.exe" [30/10/2006 13:44]
 "36X Raid Configurer"="C:\WINDOWS\System​32\JMRaidSetup.exe" [16/11/2006 10:05]
 "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" [22/01/2007 16:22]
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_03\bin\jus​ched.exe" [25/09/2007 00:11]
 "Ai Gear Help"="C:\Program Files\ASUS\AI Gear\GearHelp.exe" [27/07/2006 19:39]
 "WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe" [21/01/2005 01:47]
 "EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\s​pool\DRIVERS\W32X86\3\E_FATI9H​E.exe" [20/05/2004 04:00]
 "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe" [10/11/2006 11:35]
 "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [15/01/2008 23:54]
 "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
 "NeroFilterCheck"="C:\WINDOWS\​system32\NeroCheck.exe" [12/01/2006 14:40]
 "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12]
 "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 21:34]
 "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" [28/09/2006 20:21]
 "VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" [07/12/2006 15:35]
 "RAMDrive"="C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe" [04/12/2006 15:51]
 "TrustInstaller"="F:\SETUP.EXE​" []
 "LWBMOUSE"="C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe" [20/04/2001 12:42]
 "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/12/2007 19:27]
 "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [20/02/2007 13:06]
 "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [22/01/2008 01:15]

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "CTFMON.EXE"="C:\WINDOWS\syste​m32\ctfmon.exe" [20/08/2004 00:09]
 "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
 "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e" [23/12/2007 00:46]
 "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [21/12/2007 15:39]
 "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

 [HKEY_USERS\.default\software\m​icrosoft\windows\currentversio​n\run]
 "DWQueuedReporting"="C:\PROGRA​~1\FICHIE~1\MICROS~1\DW\dwtrig​20.exe" -t

 C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
 InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe [20/10/2007 12:22:50]
 Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\aawservice]
 @="Service"

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\vds]
 @="Service"

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\{533C5B84-EC70-11D2-9​505-00C04F79DEAF}]
 @="Volume shadow copy"

 HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
 UxTuneUp


 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{9b5e3dd​d-bb5b-11dc-8399-0010c626b8c0}​]
 AutoRun\command- I:\LaunchU3.exe




 -- Hosts ------------------------------​------------------------------​-----------

 127.0.0.1 007guard.com
 127.0.0.1 www.007guard.com
 127.0.0.1 008i.com
 127.0.0.1 008k.com
 127.0.0.1 www.008k.com
 127.0.0.1 00hq.com
 127.0.0.1 www.00hq.com
 127.0.0.1 010402.com
 127.0.0.1 032439.com
 127.0.0.1 www.032439.com

 7837 more entries in hosts file.


 -- End of Deckard's System Scanner: finished at 2008-01-22 23:20:29 ------------

merillym
Regular (5,000 to 9,999 posts)
Posted on 23/01/2008 at 13:31:08
 
:hello:

 1) Run HijackThis again, click "Do a system scan only", tick these lines, then click "Fix Checked" and close HijackThis:

O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

 2) Download OTMoveIt (by Old_Timer) to your Desktop.

  • Double-click OTMoveIt.exe to launch it.
  • Make sure the "Unregister Dll's and Ocx's" box is ticked!!!
  • Copy the text in the box below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\NTSpool.exe

  • Click MoveIt! to start the removal.
  • If OTMoveIt offers to restart your PC, accept.
  • When a result appears in the Results pane, click Exit.
  • In your next reply, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.

 3) Run another DSS scan for me ;)

rasorbak
Baby forum member (10 to 49 posts)
Posted on 23/01/2008 at 13:56:08
 
C:\WINDOWS\system32\NTSpool.exe moved successfully.
 
 Created on 01/23/2008 13:51:29



 Deckard's System Scanner v20071014.68
 Run by Cédric on 2008-01-23 13:53:47
 Computer is in Normal Mode.
 ------------------------------​------------------------------​--------------------



 -- HijackThis (run as Cédric.exe) ------------------------------​----------------

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13:53:49, on 23/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.e​xe
 C:\WINDOWS\system32\services.e​xe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\svchost.ex​e
 C:\Program Files\Windows Defender\MsMpEng.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\WINDOWS\system32\Ati2evxx.e​xe
 C:\WINDOWS\system32\ZoneLabs\v​smon.exe
 C:\WINDOWS\Explorer.EXE
 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 C:\WINDOWS\system32\spoolsv.ex​e
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 C:\WINDOWS\System32\svchost.ex​e
 C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe
 C:\Program Files\ASUS\AI Gear\GearHelp.exe
 C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 C:\Program Files\Winamp\winampa.exe
 C:\Program Files\Windows Defender\MSASCui.exe
 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
 C:\Program Files\Analog Devices\Core\smax4pnp.exe
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\MOM.EXE
 C:\Program Files\FarStone\VirtualDrive\VD​Task.exe
 C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe
 C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\ccc.exe
 C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
 C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
 C:\Program Files\DAP\DAP.EXE
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\Program Files\TuneUp Utilities 2008\OneClick.exe
 C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
 C:\WINDOWS\System32\TuneUpDefr​agService.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\WINDOWS\system32\NOTEPAD.EX​E
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Bureau\dss.exe
 C:\PROGRA~1\HIJACK~1\CDRIC~1.E​XE

 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://www.aliceadsl.fr/
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Default_Search_U​RL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Intern​et Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Intern​et Explorer\Toolbar,LinksFolderNa​me = Liens
 R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695E​CA05670} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC​8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7​942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF​1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-00902​71D4F88} - C:\Program Files\Yahoo!\Companion\Install​s\cpn1\yt.dll
 O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198​F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
 O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
 O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetu​p.exe boot
 O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" clear
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jus​ched.exe"
 O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"
 O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe"
 O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIV​ERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe"
 O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe
 O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
 O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
 O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" /s
 O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" /AutoRestore
 O4 - HKLM\..\Run: [RAMDrive] "C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe"
 O4 - HKLM\..\Run: [TrustInstaller] F:\SETUP.EXE
 O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe
 O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
 O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e
 O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe
 O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
 O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401​C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv​.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\WINDOWS\bdoscandel.exe
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB​36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.​dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba3​8496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04​F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - Trusted Zone: http://www.secuser.com
 O16 - DPF: {2C7B74DE-3A9E-4CD3-A8DB-47411​E9680A8} (VirginMega.DML.Interface) - http://alice.vm-wl.com/Telecha [...] nLight.cab
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelpe​r.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.co [...] oscan8.cab
 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF​33E833C} (WUWebControl Class) - http://www.update.microsoft.co [...] 2877152411
 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA​91D2FC3} (MUWebControl Class) - http://www.update.microsoft.co [...] 2889516078
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04​F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE5​9B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr [...] Helper.cab
 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.e​xe
 O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.e​xe
 O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService​.exe
 O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefr​agService.exe
 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\v​smon.exe

 --
 End of file - 10666 bytes

 -- Files created between 2007-12-23 and 2008-01-23 -----------------------------

 2008-01-22 19:57:07         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Turbine
 2008-01-22 19:27:11         0 d-------- C:\Program Files\Turbine
 2008-01-22 14:40:38         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\GetRightToGo
 2008-01-22 01:13:58         0 d-------- C:\Program Files\Avira
 2008-01-22 01:13:58         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
 2008-01-21 12:48:39         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Teleca
 2008-01-21 12:38:42         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Sony Ericsson
 2008-01-21 12:38:24         0 d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
 2008-01-21 12:38:21         0 d-------- C:\Program Files\Sony Ericsson
 2008-01-21 12:37:28         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Teleca
 2008-01-21 12:37:28         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sony Ericsson
 2008-01-20 15:21:04  10569760 --ahs---- C:\WINDOWS\system32\drivers\fi​dbox.dat
 2008-01-20 15:16:30         0 d-------- C:\WINDOWS\system32\ZoneLabs
 2008-01-20 13:04:30         0 d-------- C:\Program Files\AxBx
 2008-01-20 12:05:53         0 dr-h---c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Recent
 2008-01-20 11:36:38         0 d-------- C:\WINDOWS\AU_Temp
 2008-01-18 17:59:40         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
 2008-01-18 11:13:01         0 d-------- C:\WINDOWS\system32\VirginMega
 2008-01-17 13:53:40     50688 --a------ C:\WINDOWS\system32\wbhelp2.dl​l <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
 2008-01-17 13:53:40         0 d-------- C:\Program Files\DAP
 2008-01-16 23:17:24         0 d-------- C:\Program Files\TuneUp Utilities 2008
 2008-01-16 22:17:22         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\dvdcss
 2008-01-16 14:05:04         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\Trymedia
 2008-01-16 14:01:34         0 d-------- C:\Program Files\Valusoft
 2008-01-14 14:46:06         0 d-------- C:\Program Files\Trust
 2008-01-09 10:40:02         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\farstone
 2008-01-09 10:39:13         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\FarStone
 2008-01-09 10:36:29     37120 --a------ C:\WINDOWS\system32\drivers\fs​RamDsk.sys
 2008-01-09 10:35:10     81920 --a------ C:\WINDOWS\VPlay801.exe <Not Verified; Far Stone Technology Inc.; CDPLAY Application>
 2008-01-09 10:35:10     14496 --a------ C:\WINDOWS\system32\VDI08X.dat
 2008-01-09 10:34:54         0 d-------- C:\Program Files\FarStone
 2008-01-09 10:30:22     36864 -----n--- C:\WINDOWS\system32\unVHDDrvEx​e.exe
 2008-01-09 10:30:22     53248 -----n--- C:\WINDOWS\system32\RDrvNTInte​rface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
 2008-01-09 10:30:22     28672 -----n--- C:\WINDOWS\system32\RDrvInterf​ace.dll <Not Verified; ; RDrvInterface Dynamic Link Library>
 2008-01-09 10:30:22     32768 -----n--- C:\WINDOWS\system32\RDrv9xInte​rface.dll <Not Verified; ; RDrv9XInterface Dynamic Link Library>
 2008-01-09 10:30:22    102400 -----n--- C:\WINDOWS\system32\RDrv2KInte​rface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
 2008-01-09 10:30:22     36864 -----n--- C:\WINDOWS\system32\inVHDDrvEx​e.exe
 2008-01-09 10:30:22     86016 --a------ C:\WINDOWS\system32\Dversion.d​ll <Not Verified; FarStone; Farstone Dversion>
 2008-01-09 10:30:22    126976 --a------ C:\WINDOWS\system32\DVC.dll <Not Verified; Farstone; Farstone DVC>
 2008-01-09 09:18:46         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\LimeWire
 2008-01-06 02:03:13       681 --a------ C:\WINDOWS\mozver.dat
 2008-01-05 12:58:55         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\U3
 2007-12-31 13:10:13         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
 2007-12-23 02:06:16         0 d------c- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
 2007-12-23 02:01:15         0 d-------- C:\Program Files\SlySoft


 -- Find3M Report ------------------------------​------------------------------​---

 2008-01-23 13:48:30      1732 --a----c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\QuickZip45.ini
 2008-01-23 13:03:57         0 d-------- C:\Program Files\UI Central
 2008-01-23 12:38:56         0 d-------- C:\Program Files\World of Warcraft
 2008-01-22 13:06:32         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\uTorrent
 2008-01-21 19:57:59    468072 --a------ C:\WINDOWS\system32\perfh00C.d​at
 2008-01-21 19:57:59     75266 --a------ C:\WINDOWS\system32\perfc00C.d​at
 2008-01-21 19:49:48         0 d-------- C:\Program Files\Fichiers communs
 2008-01-21 13:47:12         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\OpenOffice.org2
 2008-01-21 12:39:46         0 d-------- C:\Program Files\Fichiers communs\Teleca Shared
 2008-01-20 15:32:13         0 d-------- C:\Program Files\Goto Software
 2008-01-20 15:19:28      4212 ---h----- C:\WINDOWS\system32\zllictbl.d​at
 2008-01-20 11:37:18   1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>
 2008-01-20 11:37:18    267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>
 2008-01-20 11:37:18     71749 --a------ C:\WINDOWS\hcextoutput.dll
 2008-01-20 11:37:17     86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>
 2008-01-18 17:57:51         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\AdobeUM
 2008-01-18 08:12:57         0 d-------- C:\Program Files\Winamp
 2008-01-16 23:18:40         0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
 2008-01-11 22:51:43         0 d------c- C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Application Data\Adobe
 2008-01-04 12:59:02         0 d-------- C:\Program Files\DivX
 2008-01-04 11:17:48         0 d-------- C:\Program Files\wgm
 2007-12-29 14:45:28         0 d-------- C:\Program Files\uTorrent
 2007-12-22 19:06:07         0 d-------- C:\Program Files\Elaborate Bytes
 2007-12-17 13:55:25         0 d-------- C:\Program Files\IKEA HomePlanner
 2007-12-11 20:46:02   3596288 --a------ C:\WINDOWS\system32\qt-dx331.d​ll
 2007-12-11 20:44:28    196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
 2007-12-11 20:44:28     81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
 2007-12-11 20:44:18    802816 --a------ C:\WINDOWS\system32\divx_xx11.​dll <Not Verified; DivX, Inc.; DivX?>
 2007-12-11 20:44:18    823296 --a------ C:\WINDOWS\system32\divx_xx0c.​dll <Not Verified; DivX, Inc.; DivX®>
 2007-12-11 20:44:18    823296 --a------ C:\WINDOWS\system32\divx_xx07.​dll <Not Verified; DivX, Inc.; DivX®>
 2007-12-11 20:44:18    682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
 2007-12-11 20:43:44     12288 --a------ C:\WINDOWS\system32\DivXWMPExt​Type.dll
 2007-11-23 18:48:00         0 d-------- C:\Program Files\WowCartographe
 2007-11-08 14:06:58    507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
 2007-11-08 14:06:57     69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
 2007-11-08 14:06:57    286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
 2007-10-25 10:26:48     53248 --a------ C:\WINDOWS\bdoscandel.exe


 -- Registry Dump ------------------------------​------------------------------​---

 *Note* empty entries & legit default entries are not shown


 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
 04/10/2007 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\WebBrowser]
 "{EBF2BA02-9094-4C5A-858B-BB19​8F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [04/10/2007 21:06 1135968]

 [-HKEY_CLASSES_ROOT\CLSID\{EBF2​BA02-9094-4C5A-858B-BB198F3D8D​E2}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand.1]
 [HKEY_CLASSES_ROOT\TypeLib\{538​CD77C-BFDD-49b0-9562-77419CAB8​9D1}]
 [HKEY_CLASSES_ROOT\WINAMPTB.AOL​ToolBand]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE​.exe" [30/10/2006 13:44]
 "36X Raid Configurer"="C:\WINDOWS\System​32\JMRaidSetup.exe" [16/11/2006 10:05]
 "NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe​" [22/01/2007 16:22]
 "SunJavaUpdateSched"="C:\Progr​am Files\Java\jre1.6.0_03\bin\jus​ched.exe" [25/09/2007 00:11]
 "Ai Gear Help"="C:\Program Files\ASUS\AI Gear\GearHelp.exe" [27/07/2006 19:39]
 "WINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe" [21/01/2005 01:47]
 "EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\s​pool\DRIVERS\W32X86\3\E_FATI9H​E.exe" [20/05/2004 04:00]
 "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe" [10/11/2006 11:35]
 "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [15/01/2008 23:54]
 "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 18:20]
 "NeroFilterCheck"="C:\WINDOWS\​system32\NeroCheck.exe" [12/01/2006 14:40]
 "SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13/07/2006 07:12]
 "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [18/12/2006 21:34]
 "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDT​ray.exe" [28/09/2006 20:21]
 "VirtualDrive"="C:\Program Files\FarStone\VirtualDrive\VD​Task.exe" [07/12/2006 15:35]
 "RAMDrive"="C:\Program Files\FarStone\VirtualDrive\VH​D\RDTask.exe" [04/12/2006 15:51]
 "TrustInstaller"="F:\SETUP.EXE​" []
 "LWBMOUSE"="C:\Program Files\Trust\AMI MOUSE 250S WIRELESS OPTICAL\1.0\lwbwheel.exe" [20/04/2001 12:42]
 "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/12/2007 19:27]
 "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [20/02/2007 13:06]
 "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [22/01/2008 01:15]

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "CTFMON.EXE"="C:\WINDOWS\syste​m32\ctfmon.exe" [20/08/2004 00:09]
 "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
 "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.ex​e" [23/12/2007 00:46]
 "TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [21/12/2007 15:39]
 "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 16:46]

 [HKEY_USERS\.default\software\m​icrosoft\windows\currentversio​n\run]
 "DWQueuedReporting"="C:\PROGRA​~1\FICHIE~1\MICROS~1\DW\dwtrig​20.exe" -t

 C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
 InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\Wi​nCinemaMgr.exe [20/10/2007 12:22:50]
 Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\aawservice]
 @="Service"

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\vds]
 @="Service"

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\{533C5B84-EC70-11D2-9​505-00C04F79DEAF}]
 @="Volume shadow copy"

 HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
 UxTuneUp


 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{9b5e3dd​d-bb5b-11dc-8399-0010c626b8c0}​]
 AutoRun\command- I:\LaunchU3.exe




 -- End of Deckard's System Scanner: finished at 2008-01-23 13:54:19 ------------


merillym
Regular (5,000 to 9,999 posts)
Posted on 23/01/2008 at 14:02:41
 
That's OK, you are no longer infected; carry out the following steps to finish the disinfection cleanly ;)

 1) Download ToolsCleaner to your desktop.
 http://www.commentcamarche.net [...] nions.php3

 # Click "Recherche" (Search) and let the scan run ...
 # Click "Suppression" (Removal) to finish.
 # If you wish, you can use the "Options facultatives" (optional settings).
 # Click "Quitter" (Quit) to get the report.
 # Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

 ------------------------------------

 2) Download and install CCleaner:
 http://www.01net.com/telecharg [...] leurs(...)
 -> Before clicking the "Install" button, untick all the "additional options". Then click "Options", "Advanced" and untick the box "Only delete files in Windows Temp folders older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
 -> Next, click the Registry tab, click "Scan for Issues", then "Fix selected issues". There is no need to back up the keys. Repeat the operation as many times as necessary until it finds no more errors.

 --------------------------------------

 3) Disable your System Restore

 Re-enable your System Restore

 Tutorial/help: http://www.libellules.ch/desac [...] ration.php

 ********************************************************************************

 4) Edit your first message with http://forum.telecharger.com/data/units/telecharger/skins/01net/icon/button_edit.gif and put [resolu] in front of your thread title.

 5) Report your infection on Malware-Complaints to help get the authors convicted. http://mickael.barroux.free.fr/securite/img/reagir_miniban.gif
 To make our voice heard, there need to be as many of us as possible, so report your infection:
 - See the Malware-Complaints rules
 - Register on the forum using the register button at the top:
 If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
 If you are younger, click: I Agree to these terms and am under 13 years of age

 Once registered, you will see the infection types as a list (Look2Me, Smitfraud, SpywareQuake, etc.): http://www.malwarecomplaints.i [...] 5873f(...)

 If the malware you had is not in the list, or if you do not know which infection you had, create a message in the "Autres infections" (Other infections) topic that follows the forum rules (age, town, département, etc.): http://www.malwarecomplaints.i [...] m.php?f=10

 See you, and happy surfing  :hello:


 A few useful links ;)

 http://bibou0007.forumpro.fr/a [...] e-t223.htm
 http://mickael.barroux.free.fr/securite/
 http://mickael.barroux.free.fr [...] ection.php
 http://www.malekal.com/
 http://bibou0007.forumpro.fr/portal.htm

rasorbak
Baby forum member (10 to 49 posts)
Posted on 23/01/2008 at 16:02:04
 
-->- Recherche:

 C:\Combofix: trouvé !
 C:\!Killbox: trouvé !
 C:\Vundofix backups: trouvé !
 C:\SmitFraudfix: trouvé !
 C:\Qoobox: trouvé !
 C:\_OtMoveIt: trouvé !
 C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis​: trouvé !
 C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis​\HijackThis.lnk: trouvé !
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Bureau\Dss.exe: trouvé !
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Bureau\HijackThis.lnk: trouvé !
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY​1\Bureau\OtMoveIt.exe: trouvé !
 C:\fixwareout\SUB\Bfu.exe: trouvé !
 C:\Program Files\HijackThis: trouvé !
 C:\Program Files\HijackThis\HijackThis.exe: trouvé !
 C:\QooBox\Quarantine\C\Combofix: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\tar.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\remove.reg: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\pskill.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\LFiles.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\gzip.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\delsiri.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\delr.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\del3.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\del2.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\cherche.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\tar.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\remove.reg: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\pskill.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\LFiles.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\gzip.exe: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\delsiri.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\delr.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\del3.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\del2.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\clean.cmd: trouvé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\cherche.cmd: trouvé !

 ---------------------------------
 -->- Suppression:

 C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY1\Bureau\Dss.exe: supprimé !
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY1\Bureau\HijackThis.lnk: supprimé !
 C:\Documents and Settings\Cédric.CWIKLINS-BUTMY1\Bureau\OtMoveIt.exe: supprimé !
 C:\fixwareout\SUB\Bfu.exe: supprimé !
 C:\Program Files\HijackThis\HijackThis.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\tar.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\remove.reg: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\pskill.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\LFiles.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\gzip.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\delsiri.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\delr.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\del3.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\del2.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\cherche.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\tar.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\remove.reg: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\pskill.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\LFiles.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\gzip.exe: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\delsiri.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\delr.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\del3.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\del2.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\clean.cmd: supprimé !
 C:\RECYCLER\S-1-5-21-1645522239-115176313-839522115-1004\Dc1\clean\cherche.cmd: supprimé !
 C:\Combofix: supprimé !
 C:\!Killbox: supprimé !
 C:\Vundofix backups: supprimé !
 C:\SmitFraudfix: supprimé !
 C:\Qoobox: supprimé !
 C:\_OtMoveIt: supprimé !
 C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\HijackThis: supprimé !
 C:\Program Files\HijackThis: supprimé !

 Corbeille vidée!
 Fichiers temporaires nettoyés !
