
|
|
Author
|
Message
|
|
|
|
|
C:\Lop SD\Backup-Lop\Reg moved successfully.
C:\Lop SD\Backup-Lop\Hosts moved successfully.
C:\Lop SD\Backup-Lop\F moved successfully.
C:\Lop SD\Backup-Lop\D moved successfully.
C:\Lop SD\Backup-Lop moved successfully.
C:\Lop SD moved successfully.
C:\Documents and Settings\All Users\Application Data\Dupe 4 tick each moved successfully.
C:\WINDOWS\system32\mpvkfuil.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vgjfqiar.dll
C:\WINDOWS\system32\vgjfqiar.dll NOT unregistered.
C:\WINDOWS\system32\vgjfqiar.dll moved successfully.
File move failed. C:\WINDOWS\system32\hixanwhf.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\bamflatr.exe scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\nsedqbhb.dll
C:\WINDOWS\system32\nsedqbhb.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\nsedqbhb.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\vhsqtaso.dll not found.
C:\WINDOWS\tzjxiel.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05102008_180902
Files moved on Reboot...
File move failed. C:\WINDOWS\system32\hixanwhf.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\bamflatr.exe scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\nsedqbhb.dll
C:\WINDOWS\system32\nsedqbhb.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\nsedqbhb.dll scheduled to be moved on reboot.
|
|
Blablabla !
|
|
|
5 min
|
|
Blablabla !
|
|
|
=> Disable all resident protections (UAC, antivirus, firewall, antispyware, TeaTimer, etc.). Don't forget to re-enable them at the end.
Download ComboFix (by sUBs)
>>> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
=> Save it to your Desktop.
=> Double-click Combofix.exe and follow the instructions.
=> Press the 1 key (Yes) to start the scan.
=> When it has finished, a report will appear on screen (text file).
=> Copy/paste the contents of the report into your next reply.
The report is also saved here: C:\ComboFix.txt
**Note: Do not click inside the ComboFix window during the scan; doing so would freeze the program.
|
|
|
|
|
In my Security Center, under "Manage security settings", I no longer have anything listed, so I can't disable my firewall, etc...
Sorry
|
|
Blablabla !
|
|
|
What a mess ...
Run ComboFix (never mind the firewall)
|
|
|
|
|
ComboFix 08-05-09.1 - HP_Propriétaire 2008-05-11 20:27:19.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.220 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\osatqshv.ini
C:\WINDOWS\system32\ovaxnbnl.ini
C:\WINDOWS\system32\real.txt
C:\WINDOWS\system32\spedrojn.ini
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-11 to 2008-05-11 ))))))))))))))))))))))))))))))))))))
.
2008-05-10 17:46 . 2008-05-10 17:46 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Nero
2008-05-10 10:28 . 2008-05-10 10:31 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-05-10 10:28 . 2008-05-10 10:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-09 21:42 . 2008-05-09 21:51 <REP> d-------- C:\Program Files\AskTBar
2008-05-09 00:18 . 2008-05-09 00:18 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-08 23:57 . 2008-05-08 23:57 <REP> d-------- C:\_OTMoveIt
2008-05-08 23:34 . 2008-05-08 23:34 <REP> d-------- C:\Deckard
2008-05-08 23:12 . 2008-05-08 23:12 <REP> d-------- C:\Program Files\ERUNT
2008-05-08 23:12 . 2008-05-08 23:12 791,393 --a------ C:\erunt-setup.exe
2008-05-08 00:02 . 2005-01-01 17:58 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-05-08 00:02 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-08 00:02 . 2004-11-24 03:37 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-08 00:02 . 2005-02-01 10:21 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-05-08 00:02 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-08 00:02 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-08 00:02 . 2004-11-25 05:26 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-08 00:02 . 2005-01-01 18:03 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-08 00:02 . 2005-01-01 18:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-05-08 00:02 . 2005-01-01 18:02 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-05-08 00:02 . 2005-01-01 17:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intervideo
2008-05-08 00:02 . 2005-01-01 17:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-05-08 00:02 . 2008-05-08 11:26 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-08 00:02 . 2008-05-11 20:08 1,024 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat.LOG
2008-05-07 23:53 . 2008-05-07 23:53 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-05-07 23:52 . 2008-05-08 22:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 23:52 . 2008-05-07 23:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 23:52 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-07 23:52 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-07 23:39 . 2008-05-07 23:39 <REP> d-------- C:\Program Files\CCleaner
2008-05-07 22:31 . 2008-05-07 22:31 4,392 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-07 22:29 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-07 22:29 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-07 22:29 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-07 22:29 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-07 22:29 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-07 22:29 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-07 22:29 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-07 22:29 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-07 22:14 . 2008-05-07 22:14 <REP> d-------- C:\Program Files\Trend Micro
2008-05-07 21:11 . 2008-05-07 21:11 2,112 --a------ C:\WINDOWS\system32\hixanwhf.exe
2008-05-06 20:35 . 2008-05-06 20:35 2,112 --a------ C:\WINDOWS\system32\bamflatr.exe
2008-05-06 20:26 . 2008-05-07 22:12 109,863 --a------ C:\WINDOWS\BM3b22a86d.xml
2008-05-06 20:26 . 2008-05-06 20:26 104,512 --a------ C:\WINDOWS\system32\nsedqbhb.dll
2008-04-27 15:40 . 2008-04-27 15:40 <REP> d-------- C:\Program Files\LucasArts
2008-04-15 15:08 . 2008-04-27 15:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-15 15:08 . 2008-04-15 15:08 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-10 08:28 --------- d-----w C:\Program Files\Nero
2008-05-05 11:10 --------- d-----w C:\Program Files\TvAnts
2008-05-05 11:10 --------- d-----w C:\Program Files\SopCast
2008-05-05 11:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 11:08 --------- d-----w C:\Program Files\LimeWire
2008-04-23 13:50 --------- d-----w C:\Program Files\Steam
2008-04-19 14:01 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-04-02 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-03-29 12:13 --------- d-----w C:\Program Files\Cyanide
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 15:37 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:32 670,208 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-02-16 09:32 620,544 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-02-16 09:32 474,624 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2008-02-16 09:32 1,499,648 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2006-10-31 12:45 0 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\wklnhst.dat
.
------- Sigcheck -------
2004-08-05 20:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe
2004-08-05 20:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\dllcache\svchost.exe
2004-08-05 20:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2004-08-05 20:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\dllcache\ws2_32.dll
2004-08-05 20:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe
2004-08-05 20:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\dllcache\winlogon.exe
2004-08-05 20:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-05 20:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2004-08-05 20:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-05 20:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2007-06-13 15:22 1078482 351e24552dd6b9d5a04fdd1d3c6a47e8 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 20:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1078482 351e24552dd6b9d5a04fdd1d3c6a47e8 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-05 20:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe
2004-08-05 20:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\dllcache\services.exe
2004-08-05 20:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe
2004-08-05 20:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\dllcache\lsass.exe
2004-08-05 20:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2004-08-05 20:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-11_20.18.30.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 10:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-05-11\ERDNT.EXE
+ 2008-05-11 18:16:48 3,264,512 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-05-11\Users\00000001\NTUSER.DAT
+ 2008-05-11 18:16:49 151,552 ----a-w C:\WINDOWS\ERDNT\AutoBackup\2008-05-11\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-15 22:50 67128]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 19:08 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 01:44 61440]
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-07-18 20:12 106496]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [2005-07-18 19:05 262144]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-05-05 01:21 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PCDrProfiler"="" []
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-26 00:17 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 02:50 253952]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23 663552]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-26 18:06 73728]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 13:31 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 13:24 217088]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
C:\Documents and Settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 07:23:26 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-15 22:50:45 67128]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2005-10-29 12:42:33 118784]
Sagem - Utilitaire r‚seau pour Cl‚ USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2005-10-28 18:45:26 679936]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Steam\\SteamApps\\titans56\\condition zero\\hl.exe"=
"C:\\Program Files\\TvAnts\\Tvants.exe"=
"C:\\Program Files\\Steam\\SteamApps\\titans56\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe"=
R0 pe3akt6c;Cycling Manager 2007 Environment Driver (pe3akt6c);C:\WINDOWS\system32\drivers\pe3akt6c.sys [2007-07-05 17:03]
R0 pf2akt6c;Cycling Manager 2007 File System Driver (pf2akt6c);C:\WINDOWS\system32\drivers\pf2akt6c.sys [2007-07-05 17:02]
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\WINDOWS\system32\drivers\ps6akt6c.sys [2007-08-02 15:26]
R0 ps7akt6c;Cycling Manager 2007 Synchronization Driver (ps7akt6c);C:\WINDOWS\system32\drivers\ps7akt6c.sys [2007-09-28 12:05]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-07-27 23:42]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 23:18]
S2 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\WINDOWS\system32\pr2akt6c.exe svc []
S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\RGIS~1\LOCALS~1\Temp\ewdmaudn.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-09 09:46:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-12-27 16:43:01 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 20:28:52
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Temps d'accomplissement: 2008-05-11 20:29:39
ComboFix-quarantined-files.txt 2008-05-11 18:29:31
Pre-Run: 73,555,701,760 octets libres
Post-Run: 73,543,532,544 octets libres
242 --- E O F --- 2008-04-13 21:21:21
|
|
Blablabla !
|
|
|
I'd like to check something.
Download ELIBAGLA at the bottom of this page >>> http://www.zonavirus.com/datos/descargas/95/elibagla.asp
- Double-click the file Elibagla.exe
- Make sure the "Eliminar Ficheros Automaticamente" button is checked.
- Check that C:\ is selected in Unidad (or the partition containing your OS).
- Click the Explorar button.
A help page to look at
>>> http://www.malekal.com/W32.Beagle.KF_Trojan.Tooso.R.php
Post me the ELIBAGLA report (C:\infoSat.txt)
|
|
|
|
|
Mon May 12 11:12:48 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Mon May 12 11:13:13 2008
EliBagle v11.33 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Nº Total de Directorios: 6949
Nº Total de Ficheros: 95814
Nº de Ficheros Analizados: 11082
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
|
|
Blablabla !
|
|
|
I may have found the culprit, but it's strange.
Download SDFix (by AndyManchesta) to the desktop
>>> http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Restart in Safe Mode (preferably the F8 method)
>>> http://bibou0007.com/astuces-windows-f80/demarrer-en-mode-sans-echec-avec-xp-(...)
Run Runthis.bat in the SDFIX folder
=> press Y and confirm. Let it run.
=> when asked, press a key to restart the PC.
=> startup will take longer than usual, don't worry
=> please post the report in your next reply.
A usage guide
>>> http://bibou0007.com/outils-specifiques-f78/tutorial-sdfix-t1294.htm
|
|
|
|
|
SDFix: Version 1.182
Run by HP_Propri‚taire on 12/05/2008 at 13:33
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 13:42:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a3,c6,37,6b,de,b7,1f,b0,45,02,c6,be,80,7e,62,57,35,a6,ae,50,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,31,9e,28,42,7e,3e,69,ee,11,47,73,4f,6f,40,1b,77,97,..
"khjeh"=hex:3a,02,b0,aa,97,d2,06,97,80,f5,1d,e1,bb,c9,d5,47,db,d0,e1,5d,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,71,d2,d3,c0,2c,0a,d6,63,5a,4b,9e,dd,c4,c4,f7,8b,35,d5,0c,45,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:a3,c6,37,6b,de,b7,1f,b0,45,02,c6,be,80,7e,62,57,35,a6,ae,50,29,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,31,9e,28,42,7e,3e,69,ee,11,47,73,4f,6f,40,1b,77,97,..
"khjeh"=hex:3a,02,b0,aa,97,d2,06,97,80,f5,1d,e1,bb,c9,d5,47,db,d0,e1,5d,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:89,71,d2,d3,c0,2c,0a,d6,63,5a,4b,9e,dd,c4,c4,f7,8b,35,d5,0c,45,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Disabled:HP Software Update Client"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Steam\\SteamApps\\titans56\\condition zero\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\titans56\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\TvAnts\\Tvants.exe"="C:\\Program Files\\TvAnts\\Tvants.exe:*:Enabled:Tvants"
"C:\\Program Files\\Steam\\SteamApps\\titans56\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\SteamApps\\titans56\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager 2007\\PCM.exe:*:Enabled:Pro Cycling Manager 2007"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 28 Oct 2005 218 A.SHR --- "C:\BOOT.BAK"
Thu 14 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Jan 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 17 Sep 2007 9 A..H. --- "C:\WINDOWS\system32\wxmmin.dll"
Mon 31 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 25 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT3.tmp"
Mon 11 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\336345d1ca53c65c2eed95f3029e3fd2\BIT794.tmp"
Finished!
|
|
Blablabla !
|
|
|
Right ...
Start menu => Run... => type notepad and confirm
Notepad opens
Copy the following into Notepad
attrib -a -s -r C:\WINDOWS\system32\nsedqbhb.dll
attrib -a -s -r C:\WINDOWS\system32\hixanwhf.exe
attrib -a -s -r C:\WINDOWS\system32\bamflatr.exe
del C:\WINDOWS\system32\nsedqbhb.dll
del C:\WINDOWS\system32\hixanwhf.exe
del C:\WINDOWS\system32\bamflatr.exe
del C:\WINDOWS\BM3b22a86d.xml
del C:\WINDOWS\QTFont.qfn
del C:\WINDOWS\QTFont.for
Save the Notepad file under the name fix.bat (on the desktop).
(The icon should look like a gear mechanism)
Double-click fix.bat
A window will appear briefly and then disappear.
Please post me a new DSS report.
-->Message edited by Accass on 12/05/2008 14:18:08<--
|
|
|
|
|
Hi Accass,
Deckard's System Scanner v20071014.68
Run by HP_Propriétaire on 2008-05-12 20:18:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).
-- HijackThis (run as HP_Propriétaire.exe) -------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:35, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_PRO~1.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ServicesAcces.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 13165 bytes
-- Files created between 2008-04-12 and 2008-05-12 -----------------------------
2008-05-12 13:27:35 0 d-------- C:\WINDOWS\ERUNT
2008-05-11 20:07:58 68096 --a------ C:\WINDOWS\zip.exe
2008-05-11 20:07:58 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-11 20:07:58 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-11 20:07:58 98816 --a------ C:\WINDOWS\sed.exe
2008-05-11 20:07:58 80412 --a------ C:\WINDOWS\grep.exe
2008-05-11 20:07:58 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-11 20:07:57 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-11 20:07:57 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-10 17:46:39 0 d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Nero
2008-05-10 10:28:46 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-05-10 10:28:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-09 21:42:45 0 d-------- C:\Program Files\AskTBar
2008-05-09 00:18:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-08 23:12:20 791393 --a------ C:\erunt-setup.exe <ERUNT-~1.EXE> <Not Verified; Lars Hederer; >
2008-05-08 00:02:31 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-05-08 00:02:31 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-05-08 00:02:30 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-05-08 00:02:30 0 d---s---- C:\Documents and Settings\Administrateur\Cookies
2008-05-08 00:02:30 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-05-08 00:02:30 0 d-------- C:\Documents and Settings\Administrateur\Application Data
2008-05-08 00:02:30 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-05-08 00:02:30 0 d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-05-08 00:02:30 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-05-08 00:02:30 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Intervideo
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\SendTo
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\Recent
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\Modèles
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-05-08 00:02:29 0 d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-08 00:02:29 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-05-08 00:02:27 786432 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-05-07 23:53:06 0 d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-05-07 23:52:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-07 23:52:53 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-07 23:51:01 0 dr-h----- C:\Documents and Settings\HP_Propriétaire\Recent
2008-05-07 23:39:51 0 d-------- C:\Program Files\CCleaner
2008-05-07 22:31:52 4392 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-07 22:29:40 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-07 22:29:40 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-07 22:29:40 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-07 22:29:40 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-07 22:29:39 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-07 22:29:39 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-07 22:29:39 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-07 22:29:39 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-07 22:14:06 0 d-------- C:\Program Files\Trend Micro
2008-05-07 21:38:59 0 d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Help
2008-04-27 15:40:31 0 d-------- C:\Program Files\LucasArts
-- Find3M Report ---------------------------------------------------------------
2008-05-10 10:28:46 0 d-------- C:\Program Files\Nero
2008-05-10 10:28:46 0 d-------- C:\Program Files\Fichiers communs
2008-05-05 13:10:42 0 d-------- C:\Program Files\SopCast
2008-05-05 13:10:02 0 d-------- C:\Program Files\TvAnts
2008-05-05 13:08:40 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-05 13:08:11 0 d-------- C:\Program Files\LimeWire
2008-04-23 15:50:57 0 d-------- C:\Program Files\Steam
2008-04-19 16:01:55 0 d-------- C:\Program Files\TrackMania Nations ESWC
2008-04-13 23:20:12 476284 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-04-13 23:20:12 78148 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-29 14:13:37 0 d-------- C:\Program Files\Cyanide
2008-03-18 17:37:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-11 19:33:19 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [10/11/2005 14:03]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [07/05/1998 18:04]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [02/06/2005 08:35]
"KBD"="C:\HP\KBD\KBD.EXE" [03/02/2005 01:44]
"Home Theater SchSvr"="C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [18/07/2005 20:12]
"WINREMOTE"="C:\Program Files\InterVideo\Common\Bin\WinRemote.exe" [18/07/2005 19:05]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [05/05/2005 01:21]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [14/04/2004 22:43]
"PCDrProfiler"="" []
"AlcxMonitor"="ALCXMNTR.EXE" [07/09/2004 22:47 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [26/10/2004 00:17]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [11/05/2005 02:50]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [14/12/2004 02:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/05/2005 07:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [08/10/2004 11:52]
"vptray"="C:\Program Files\NavNT\vptray.exe" [26/09/2001 18:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [08/10/2004 13:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [08/10/2004 13:24]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [29/06/2007 00:43]
"nwiz"="nwiz.exe" [29/06/2007 00:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [29/06/2007 00:43]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [08/08/2007 15:53]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [15/02/2007 22:50]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/08/2007 19:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 20:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/05/2005 07:23:26]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [24/09/2005 08:05:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [15/02/2007 22:50:45]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [29/10/2005 12:42:33]
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [28/10/2005 18:45:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
-- End of Deckard's System Scanner: finished at 2008-05-12 20:19:08 ------------
|
|
|
|
|
yes!! to be confirmed
Download Clean (by Malekal) to the desktop.
>>> http://www.malekal.com/download/clean.zip
Clean tutorial
>>> http://bibou0007.com/outils-specifiques-f78/tutorial-clean-t1007.htm
=> Choose option 1, "recherche de fichiers infectieux" (search for infected files), by pressing the 1 key on your keyboard, and confirm.
/!\ Do not press 2 without our advice/approval /!\
Copy the contents of the report and paste it here in your next reply.
|
|
|
|
|
12/05/2008 a 21:53:25,39
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\ALCXMNTR.EXE FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\AskTBar\" FOUND
*** Fin du rapport !
|
|
|
|
|
Hi again
This is where you part ways with two of your programs:
- uninstall Ad-Aware 2007. Why? Because it has become obsolete. It just consumes memory.
- uninstall Norton. You got it for free and it is now part of the trio of antivirus products to avoid (Norton + avast! + McAfee)
To uninstall Norton, use this tool:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/2005041(...)
----------------------
Download and install Antivir
>>> http://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches(...)
Take the free version: Antivir Edition Classic
Help is available here
>>> http://bibou0007.com/antivirus-avec-protection-en-temps-reel-f89/avira-antivi(...)
=> After installation, update it (right-click the Antivir icon in the taskbar at the bottom right of the screen, select Start Update).
=> If the firewall raises an alert, allow the connection.
=> Make sure Antivir is up to date (right-click the Antivir icon in the taskbar at the bottom right of the screen, => select Start Antivir and check that the Last update date is today's).
----------------------
Restart the computer in safe mode. Preferably using the F8 method
>>> http://bibou0007.com/astuces-windows-f80/demarrer-en-mode-sans-echec-avec-xp-(...)
Run Clean.cmd again
=> In the menu, choose option 2 and confirm.
Follow the prompts.
Save the report (it is also at the root of the hard drive, C:\rapport_clean.txt)
Post it in your next reply.
Still in safe mode:
Launch Antivir
=> Click the Local Protection tab.
=> Select Manual Selection on local disk C:.
=> Start the scan and quarantine all detected items
=> Once the scan has finished, save the report to the desktop.
----------------------
Restart the PC normally and post the contents of the Antivir + Clean reports in your next reply.
Have a good evening
-->Message edited by Accass on 12/05/2008 22:27:06<--
|
|
|
|
|
Is the antivirus you're recommending a good one?
How long will I be able to keep it?
Thank you for your advice and your clear and precise answers.
|
|
|
|
|
Antivir is currently the most responsive free antivirus.
If you wish, you can read these threads:
http://bibou0007.com/aide-a-la-desinfection-f8/mise-en-garde-actualite-t920.h(...)
http://bibou0007.com/aide-a-la-desinfection-f8/avast-ou-antivir-lequel-et-pou(...)
http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/_a(...)
The only thing one could hold against it is that it is in English.
You can keep it until you want to change
Good night
|
|
|
|
|
Hi Accass,
The Norton removal tool tells me to do it manually, but when I do it in Add/Remove Programs, Norton says "Erreur irrécupérable lors de l'installation" (fatal error during installation)
|
|
|
| |