

Everything posted by Delf
-
[SOLVED] Infection problem / unwanted messages [SOLVED]
Delf replied to a topic by Delf in Malware analysis and removal
As for my version of XP, it is indeed an "illegal" one; I called the colleague who sold me the computer. What can I do? Here is the requested report:
SystemLook 04.09.10 by jpshortstuff
Log created at 19:12 on 05/01/2011 by Administrateur
Administrator - Elevation successful
========== filefind ==========
Searching for "*tcpip.sys* "
C:\WINDOWS\system32\drivers\tcpip.sys ------- 360576 bytes [10:10 11/02/2007] [10:10 11/02/2007] C7BE59B07C6EB74BEA6FD67C1B164015
Searching for "*usp10.dll* "
C:\Program Files\Microsoft Office\Office12\USP10.DLL --a---- 503296 bytes [17:51 13/10/2006] [17:51 13/10/2006] CD75EF76BEE2A96599E51F1D4DEFEB09
C:\WINDOWS\system32\usp10.dll ------- 502784 bytes [10:03 11/02/2007] [10:03 11/02/2007] 456FB859236C9074ACF6C3B6243D8B46
Searching for "*wscntfy.exe*"
No files found.
-= EOF =-
-
[SOLVED] Infection problem / unwanted messages [SOLVED]
Delf replied to a topic by Delf in Malware analysis and removal
Hello, Thank you so much for your help. Can you explain to me what a rogue is? As for the updates to my XP, I don't have the installation CD; I bought the machine from a colleague and I'm afraid that... Here is the Combo report:
What should I do now? Delphine
-
[SOLVED] Infection problem / unwanted messages [SOLVED]
Delf replied to a topic by Delf in Malware analysis and removal
Good evening Lance, First of all, thank you very much for your help; it "saves" me and reassures me, because I don't understand any of this (like most people). Here are the 2 reports:
I'm waiting for your reply to know what to do. I have 2 hard drives, one of them as a slave; do I need to unplug it? Delphine
-
Hello everyone, I'm looking for help because I get a message when my PC starts up that finds viruses and Trojan horses on it. Even when I click delete, it still crashes. I also have Antivirus security 2011, which installed itself and which I can't uninstall. I also have an error message that blocks me, Sft.dez.Wien, but I can't do anything; the window stays open permanently, and I move it around the screen to manage to write to you. I have Windows XP, comodo and antivir. I'll run a Hijackthis when I get home from work this evening around 18:00. Thanks in advance for your help to a total novice!!! Delphine
-
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Malware analysis and removal
Dear Falkra, I have just completed the instructions you gave me. I've finished installing javara. Everything seems OK. I carefully read the advice on avoiding reinfection. I even saved it in my bookmarks. If there's a problem (I hope not, but you never know) I will come back to this forum without hesitation and with complete confidence. Thank you very much for the existence of this site and for the professionalism of everyone who comes to our aid. Delf
-
What patience, what availability!!!
Thank you 1,000 times!!!
Without you I was lost, and now everything is spotless, like before.
Incredible professionalism!!!
Thank you, thank you, thank you and THANK YOU
-
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Malware analysis and removal
I don't know how to thank you once again for your patience and your efficiency!!!! I deleted what you told me to. I installed comodo and psi. Java is a bit complicated and, with tiredness setting in, I'll get to it tomorrow morning once rested. Thanks again. Have a good evening. Delf
-
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Malware analysis and removal
Never put off until tomorrow what you can do the same day... If it's OK with you, I'll finish this evening. Here is the report:
-
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Malware analysis and removal
0 Scanning directories 36 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 0 Files cannot be scanned 36 Files not concerned 0 Archives were scanned 0 Warnings 0 Notes -
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Analyses et éradication malwares
10,000 thanks for your help!!!! Without you I would still be freaking out in front of the computer, or I would have thrown it over the balcony and it would have fallen 3 floors!!! I uninstalled avast and installed antivir. It asked me to run a scan, and here is the report: 03.11.2008 23:00:19 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 03.11.2008 23:00:19 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\ 03.11.2008 23:00:19 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ 03.11.2008 23:00:19 - Using System's global Proxy settings 03.11.2008 23:00:19 - Launching GUI... display mode: 0 03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll 03.11.2008 23:00:19 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 03.11.2008 23:00:19 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\ 03.11.2008 23:00:19 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ 03.11.2008 23:00:19 - Using System's global Proxy settings 03.11.2008 23:00:19 - Launching GUI... 
display mode: 0 03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll 03.11.2008 23:00:19 - Avira AntiVir Personal - Free Antivirus 03.11.2008 23:00:25 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\idx/master.idx to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx 03.11.2008 23:00:25 - Master IDX file has changed 03.11.2008 23:00:26 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/classic-nt-en.info.gz 03.11.2008 23:00:27 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\classic-nt-en.info to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\classic-nt-en.info 03.11.2008 23:00:27 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/vdf.info.gz 03.11.2008 23:00:27 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/specvir-nt.info.gz 03.11.2008 23:00:28 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/ave2.info.gz 03.11.2008 23:00:28 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/info-wks-cl...c-nt-en.info.gz 03.11.2008 23:00:29 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15 03.11.2008 23:00:29 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 83 03.11.2008 23:00:30 - Module: COMMAPPDATA_AV Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\ Files: 1 03.11.2008 23:00:30 - Module: COMMAPP Source: winwks\en\ Destination: C:\Documents and 
Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\JOBS\ Files: 4 03.11.2008 23:00:30 - Module: COMMAPDATA_AV_PROFILES Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\ Files: 2 03.11.2008 23:00:30 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3 03.11.2008 23:00:30 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf 6.40.0.0 < 7.1.0.0 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.5.1 < 7.1.0.21 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.5.20 < 7.1.0.22 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.5.23 < 7.1.0.30 03.11.2008 23:00:30 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll 7.0.0.1 < 8.0.0.2 03.11.2008 23:00:30 - Module: AVE2 Source: ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 14 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll 8.1.2.6 < 8.1.2.9 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll 8.1.0.41 < 8.1.0.42 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll 8.1.0.59 < 8.1.0.63 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll 8.1.0.28 < 8.1.0.29 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll 8.1.1.8 < 8.1.1.9 03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat 8.2.0.4 < 8.2.0.10 
03.11.2008 23:00:30 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4 03.11.2008 23:00:30 - Module: PRODINFO Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1 03.11.2008 23:00:30 - Minifilter is installed 03.11.2008 23:00:30 - Minifilter is possible 03.11.2008 23:00:30 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType 03.11.2008 23:00:30 - Initialize avnotify.exe 03.11.2008 23:00:30 - Starting avnotify.exe successful 03.11.2008 23:00:30 - Preparing to download files 03.11.2008 23:00:30 - 13 files need to be downloaded / copied from http://dl10.freeav.net/upd/ 03.11.2008 23:00:30 - #1: Downloading and extracting http://dl10.freeav.net/upd/winwks/en/class...filelist.ini.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/filelist.ini 03.11.2008 23:00:31 - #2: Downloading and extracting http://dl10.freeav.net/upd/winwks/en/class.../product.ini.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/product.ini 03.11.2008 23:00:37 - #3: Downloading and extracting http://dl10.freeav.net/upd/vdf/antivir0.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir0.vdf 03.11.2008 23:01:03 - #4: Downloading and extracting http://dl10.freeav.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir1.vdf 03.11.2008 23:01:04 - #5: Downloading and extracting http://dl10.freeav.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir2.vdf 03.11.2008 23:01:04 - #6: Downloading and extracting 
http://dl10.freeav.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir3.vdf 03.11.2008 23:01:05 - #7: Downloading and extracting http://dl10.freeav.net/upd/engine/nt/avrep.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\engine\nt\avrep.dll 03.11.2008 23:01:05 - #8: Downloading and extracting http://dl10.freeav.net/upd/ave2/aecore.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aecore.dll 03.11.2008 23:01:06 - #9: Downloading and extracting http://dl10.freeav.net/upd/ave2/aegen.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aegen.dll 03.11.2008 23:01:06 - #10: Downloading and extracting http://dl10.freeav.net/upd/ave2/aeheur.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeheur.dll 03.11.2008 23:01:08 - #11: Downloading and extracting http://dl10.freeav.net/upd/ave2/aeoffice.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeoffice.dll 03.11.2008 23:01:08 - #12: Downloading and extracting http://dl10.freeav.net/upd/ave2/aescript.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aescript.dll 03.11.2008 23:01:09 - #13: Downloading and extracting http://dl10.freeav.net/upd/ave2/aeset.dat.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeset.dat 03.11.2008 23:01:16 - Keyfile: OK [FULL Mode] 03.11.2008 23:01:16 - Status of service AntiVirService is running 03.11.2008 23:01:16 - Initialize avscan.exe 
03.11.2008 23:01:16 - Initialize avcenter.exe 03.11.2008 23:01:16 - Initialize avgnt.exe 03.11.2008 23:01:16 - avscan.exe closed. 03.11.2008 23:01:17 - avgnt.exe closed. 03.11.2008 23:01:17 - Starting to install 03.11.2008 23:01:17 - File C:\Program Files\Avira\AntiVir PersonalEdition Classic\filelist.ini will not be backed up because it doesn't exist 03.11.2008 23:01:17 - File C:\Program Files\Avira\AntiVir PersonalEdition Classic\product.ini will not be backed up because it doesn't exist 03.11.2008 23:01:17 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 03.11.2008 23:01:17 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/filelist.ini to C:\Program Files\Avira\AntiVir PersonalEdition Classic\filelist.ini 03.11.2008 23:01:17 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/product.ini to C:\Program Files\Avira\AntiVir PersonalEdition Classic\product.ini 03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir0.vdf 03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir1.vdf 03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir2.vdf 03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to 
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir3.vdf 03.11.2008 23:01:18 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir0.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf 03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir1.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir2.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir3.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 03.11.2008 23:01:19 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\avrep.dll 03.11.2008 23:01:19 - Processing module AVREP_NT Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\engine\nt\avrep.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll 
03.11.2008 23:01:19 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aecore.dll 03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aegen.dll 03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeheur.dll 03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeoffice.dll 03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aescript.dll 03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeset.dat 03.11.2008 23:01:20 - Processing module AVE2 Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ 03.11.2008 23:01:21 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aecore.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll 03.11.2008 23:01:22 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aegen.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll 03.11.2008 23:01:23 - Copy 
file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeheur.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll 03.11.2008 23:01:24 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeoffice.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll 03.11.2008 23:01:25 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aescript.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll 03.11.2008 23:01:25 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeset.dat to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat 03.11.2008 23:01:25 - A total of 13 files were updated 03.11.2008 23:01:25 - Initialize AVWSC.EXE 03.11.2008 23:01:25 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress 03.11.2008 23:01:25 - Status of service AntiVirService is running 03.11.2008 23:01:27 - Reinitialization of AntiVirService carried out successfully. 03.11.2008 23:01:28 - Starting avgnt.exe successful 03.11.2008 23:01:28 - Dialup: 0 03.11.2008 23:01:28 - Downloaded bytes: 16936032 03.11.2008 23:01:28 - Downloaded file(s): 13 03.11.2008 23:01:28 - Downloaded file(s): filelist.ini; product.ini; antivir0.vdf; antivir1.vdf; antivir2.vdf; antivir3.vdf; avrep.dll; aecore.dll; aegen.dll; aeheur.dll 03.11.2008 23:01:28 - Downloaded file(s): aeoffice.dll; aescript.dll; aeset.dat 03.11.2008 23:01:28 - Required time: 01:09 03.11.2008 23:01:28 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate 03.11.2008 23:01:28 - Update finished successfully I hope everything is normal. 
What should I do in the future so that this doesn't happen again? I have a friend who uses Fsecurity as his antivirus. Is it any good or not? -
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Analyses et éradication malwares
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:48:15, on 03/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IR4K6L2S\HiJackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\logiciels & drivers\tomtom GO\TomTomHOME.exe" -s O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O15 - Trusted Zone: http://*.secuser.com O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/121...IPSUploader.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - D:\logiciels & drivers\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. 
- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6132 bytes -
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Analyses et éradication malwares
ComboFix 08-11-02.05 - Administrateur 2008-11-03 21:29:02.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.585 [GMT 1:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé . Les fichiers ci-dessous ont été désactivés pendant l'exécution: c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\ieupdates.exe.tmp . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 )))))))))))))))))))))))))))))))))))) . 2008-11-03 18:50 . 2008-11-03 18:50 <REP> d-------- C:\rsit 2008-11-03 15:24 . 2008-11-03 16:37 <REP> d-------- C:\ToolBar SD 2008-11-03 09:22 . 2008-11-03 09:22 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-03 09:22 . 2008-11-03 09:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-03 09:22 . 2008-11-03 09:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2008-11-03 09:22 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-03 09:22 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-10-24 15:17 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-10-22 12:42 . 2008-10-22 12:42 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy) 2008-10-22 12:42 . 2008-10-22 12:42 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy) 2008-10-21 11:53 . 2008-10-21 11:53 <REP> d-------- c:\windows\system32\fr 2008-10-21 11:53 . 2008-10-21 11:53 <REP> d-------- c:\windows\system32\bits 2008-10-21 11:53 . 
2008-10-21 11:53 <REP> d-------- c:\windows\l2schemas 2008-10-21 05:10 . 2008-04-14 03:33 1,306,624 --------- c:\windows\system32\msxml6.dll 2008-10-21 05:09 . 2008-04-14 03:33 651,264 --------- c:\windows\system32\dot3ui.dll 2008-10-16 11:02 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-16 11:02 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-16 11:02 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-16 11:02 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-16 11:02 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-16 11:02 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-03 19:40 --------- d-----w c:\program files\eMule 2008-11-03 10:23 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-03 10:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-29 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-10-21 11:08 --------- d-----w c:\program files\MSN Messenger 2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys 2008-09-03 16:34 --------- d-----w c:\documents and settings\Administrateur\Application Data\Petroglyph 2008-09-03 16:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-09-03 16:22 --------- d--h--w c:\program files\InstallShield Installation Information 2008-09-03 15:33 --------- d-----w c:\program files\Microsoft Works 2008-09-03 15:32 --------- d-----w c:\program files\MSBuild 2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-14 13:23 2,191,232 ----a-w c:\windows\system32\ntoskrnl.exe 
2008-08-14 13:23 2,068,096 ----a-w c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368] [HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-03-27 13:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "TomTomHOME.exe"="d:\logiciels & drivers\tomtom GO\TomTomHOME.exe" [2007-05-15 3975848] "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService] --a------ 2004-06-11 10:15 83968 c:\windows\system32\nvraidservice.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2005-05-17 17:48 77824 c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Program Files\\Fichiers 
communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\mes documents\\jeux dede\\star wars\\GameData\\sweaw.exe"= "d:\\mes documents\\jeux dede\\star wars\\swfoc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416] R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-03-21 78848] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] S2 NeroNET;NeroNET;c:\program files\Ahead\NeroNET\NeroNET.exe [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b0def-f9fb-11dc-964f-00138fe7a43b}] \Shell\AutoRun\command - J:\InstallTomTomHOME.exe . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) HKCU-Run-msnmsgr - ~c:\progra~1\MSNMES~1\msnmsgr.exe HKU-Default-Run-Nokia.PCSync - d:\logiciels & drivers\Nokia\Nokia PC Suite 6\PcSync2.exe SharedTaskScheduler-IPC Configuration Utility - (no file) Notify-WgaLogon - (no file) MSConfigStartUp-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe . ------- Examen supplémentaire ------- . R0 -: HKLM-Main,Window Title = O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab c:\windows\Downloaded Program Files\OSDED4D.OSD c:\windows\Downloaded Program Files\InstallerControl.dll O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/12188/defaults/activex/IPSUploader.cab c:\windows\Downloaded Program Files\IPSUploader.inf c:\windows\system32\unicows.dll c:\windows\Downloaded Program Files\IPSUploader.ocx . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-03 21:31:44 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wdfmgr.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\rundll32.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe c:\program files\Alwil Software\Avast4\Setup\avast.setup c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe . ************************************************************************** . Heure de fin: 2008-11-03 21:39:48 - La machine a redémarré ComboFix-quarantined-files.txt 2008-11-03 20:39:09 Avant-CF: 3 560 730 624 octets libres Après-CF: 3,519,574,016 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn 186 --- E O F --- 2008-10-25 01:00:32 -
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Analyses et éradication malwares
I'm getting desperate. Even though I followed the procedure to the letter, my desktop still can't be changed. The only thing I managed to do was open a photo, and right-clicking it set it as my wallpaper. Otherwise, the area where you normally change the wallpaper is greyed out and nothing can be done. Sorry to bother you. Delf -
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Analyses et éradication malwares
Logfile of random's system information tool 1.04 (written by random/random) Run by Administrateur at 2008-11-03 18:53:56 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 4 GB (30%) free of 12 GB Total RAM: 1023 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:54:00, on 03/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\SweetIM\Messenger\SweetIM.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\PROGRA~1\MSNMES~1\msnmsgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Administrateur\Bureau\RSIT.exe 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.500\Administrateur.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\logiciels & drivers\tomtom GO\TomTomHOME.exe" -s O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog O4 - HKCU\..\Run: [msnmsgr] ~"C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\logiciels & drivers\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\logiciels & drivers\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O15 - Trusted Zone: http://*.secuser.com O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/121...IPSUploader.cab O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - D:\logiciels & drivers\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7677 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 1164600] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] 
"TomTomHOME.exe"=D:\logiciels & drivers\tomtom GO\TomTomHOME.exe [2007-05-15 3975848] "SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-03-27 111928] "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928] "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-05-06 202088] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe [2008-03-26 1232896] "msnmsgr"=~C:\PROGRA~1\MSNMES~1\msnmsgr.exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] ~C:\Program Files\MSN Messenger\MsnMsgr.Exe /background [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService] C:\WINDOWS\system32\nvraidservice.exe [2004-06-11 83968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] IPC Configuration Utility - IPC Configuration Utility 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=1 "DisableRegistryTools"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=91000000 "NoSetActiveDesktop"=1 "NoActiveDesktopChanges"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoSetActiveDesktop"= "NoActiveDesktopChanges"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater" "C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process " "D:\mes documents\jeux dede\Sacred\Gameserver.exe"="D:\mes documents\jeux dede\Sacred\Gameserver.exe:*:Enabled:Sacred Gameserver" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "D:\mes documents\jeux dede\star wars\GameData\sweaw.exe"="D:\mes documents\jeux dede\star wars\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War" "D:\mes documents\jeux dede\star wars\swfoc.exe"="D:\mes documents\jeux dede\star wars\swfoc.exe:*:Enabled:Star Wars: Empire at War: Forces of Corruption" "%windir%\Network 
Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b0def-f9fb-11dc-964f-00138fe7a43b}] shell\AutoRun\command - J:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a37af66a-8c6b-11dc-b9b4-00138fe7a43b}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs ======List of files/folders created in the last 1 months====== 2008-11-03 18:50:16 ----D---- C:\rsit 2008-11-03 15:25:21 ----A---- C:\TB.txt 2008-11-03 15:24:49 ----D---- C:\ToolBar SD 2008-11-03 09:22:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-11-03 09:22:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-11-03 09:22:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-03 07:14:13 ----A---- C:\WINDOWS\system32\ieupdates.exe.tmp 2008-10-25 02:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-22 12:42:08 
----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2008-10-22 12:42:06 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy) 2008-10-22 02:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-10-21 12:08:47 ----SHD---- C:\Config.Msi 2008-10-21 12:06:41 ----D---- C:\WINDOWS\Prefetch 2008-10-21 11:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-21 11:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-21 11:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-21 11:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-21 11:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-10-21 11:58:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-10-21 11:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-10-21 11:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-10-21 11:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-10-21 11:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-10-21 11:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-10-21 11:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-10-21 11:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-10-21 11:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-10-21 11:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-10-21 11:53:56 ----D---- C:\Program Files\msn 2008-10-21 11:53:55 ----D---- C:\WINDOWS\system32\fr 2008-10-21 11:53:55 ----D---- C:\WINDOWS\system32\bits 2008-10-21 11:53:55 ----D---- C:\WINDOWS\l2schemas 2008-10-21 11:50:33 ----D---- C:\WINDOWS\network diagnostic 2008-10-21 05:11:03 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-10-21 05:11:00 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-10-21 05:10:58 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-10-21 05:10:58 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-10-21 05:10:51 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-10-21 05:10:51 ----N---- C:\WINDOWS\system32\tsgqec.dll 2008-10-21 05:10:41 ----N---- 
C:\WINDOWS\system32\setupn.exe 2008-10-21 05:10:38 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2008-10-21 05:10:37 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-10-21 05:10:36 ----N---- C:\WINDOWS\system32\qutil.dll 2008-10-21 05:10:35 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-10-21 05:10:35 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-10-21 05:10:35 ----N---- C:\WINDOWS\system32\qagent.dll 2008-10-21 05:10:33 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-10-21 05:10:31 ----N---- C:\WINDOWS\system32\onex.dll 2008-10-21 05:10:23 ----N---- C:\WINDOWS\system32\napstat.exe 2008-10-21 05:10:23 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-10-21 05:10:23 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-10-21 05:10:22 ----N---- C:\WINDOWS\system32\msxml6r.dll 2008-10-21 05:10:22 ----N---- C:\WINDOWS\system32\msxml6.dll 2008-10-21 05:10:20 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-10-21 05:10:20 ----N---- C:\WINDOWS\system32\mssha.dll 2008-10-21 05:10:09 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-10-21 05:10:09 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-10-21 05:10:09 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-10-21 05:10:09 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-10-21 05:10:01 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-10-21 05:10:01 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-10-21 05:10:01 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-10-21 05:10:01 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-10-21 05:10:01 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-10-21 05:10:01 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-10-21 05:09:58 ----N---- C:\WINDOWS\system32\smtpapi.dll 2008-10-21 05:09:57 ----N---- C:\WINDOWS\system32\rwnh.dll 2008-10-21 05:09:49 ----A---- C:\WINDOWS\005531_.tmp 2008-10-21 05:09:48 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-10-21 05:09:48 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-10-21 05:09:48 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-10-21 05:09:48 
----N---- C:\WINDOWS\system32\eapphost.dll 2008-10-21 05:09:48 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-10-21 05:09:48 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-10-21 05:09:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-10-21 05:09:48 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-10-21 05:09:46 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-10-21 05:09:46 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-10-21 05:09:46 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-10-21 05:09:46 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-10-21 05:09:46 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-10-21 05:09:46 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-10-21 05:09:46 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-10-21 05:09:45 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-10-21 05:09:45 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-10-21 05:09:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-10-21 05:09:43 ----N---- C:\WINDOWS\system32\credssp.dll 2008-10-21 05:09:40 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-10-21 05:09:40 ----N---- C:\WINDOWS\system32\azroles.dll 2008-10-21 05:09:34 ----N---- C:\WINDOWS\system32\aaclient.dll 2008-10-17 02:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$ 2008-10-17 02:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-17 02:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$ 2008-10-17 02:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$ 2008-10-17 02:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$ ======List of files/folders modified in the last 1 months====== 2008-11-03 16:37:10 ----D---- C:\WINDOWS\Temp 2008-11-03 16:36:04 ----RD---- C:\Program Files 2008-11-03 16:35:58 ----D---- C:\WINDOWS 2008-11-03 15:44:53 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-03 11:23:53 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-03 11:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-03 09:48:06 ----D---- C:\WINDOWS\system32\drivers 
2008-11-03 09:48:06 ----D---- C:\WINDOWS\system32\config 2008-11-03 07:18:54 ----SHD---- C:\WINDOWS\CSC 2008-11-03 07:14:13 ----D---- C:\WINDOWS\system32 2008-11-03 07:11:30 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-03 06:12:24 ----D---- C:\Program Files\eMule 2008-10-30 09:51:16 ----A---- C:\WINDOWS\NeroDigital.ini 2008-10-29 15:03:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-10-26 18:29:58 ----HD---- C:\WINDOWS\inf 2008-10-26 17:47:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-25 07:35:23 ----D---- C:\WINDOWS\Debug 2008-10-25 02:00:27 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-25 02:00:19 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-21 12:08:54 ----SHD---- C:\WINDOWS\Installer 2008-10-21 12:08:48 ----D---- C:\Program Files\MSN Messenger 2008-10-21 12:06:16 ----RSD---- C:\WINDOWS\Fonts 2008-10-21 12:06:16 ----D---- C:\WINDOWS\system32\wbem 2008-10-21 12:06:16 ----D---- C:\WINDOWS\system32\Setup 2008-10-21 12:06:16 ----D---- C:\WINDOWS\AppPatch 2008-10-21 12:06:16 ----D---- C:\Program Files\Outlook Express 2008-10-21 12:03:11 ----D---- C:\WINDOWS\security 2008-10-21 12:00:33 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-21 11:57:31 ----D---- C:\Program Files\Messenger 2008-10-21 11:54:31 ----D---- C:\WINDOWS\WinSxS 2008-10-21 11:54:26 ----D---- C:\WINDOWS\ServicePackFiles 2008-10-21 11:54:23 ----D---- C:\Program Files\Windows Media Player 2008-10-21 11:54:22 ----D---- C:\WINDOWS\Help 2008-10-21 11:54:14 ----D---- C:\WINDOWS\EHome 2008-10-21 11:54:13 ----D---- C:\WINDOWS\system32\inetsrv 2008-10-21 11:54:13 ----D---- C:\WINDOWS\ime 2008-10-21 11:54:01 ----D---- C:\WINDOWS\system32\usmt 2008-10-21 11:54:01 ----D---- C:\WINDOWS\system32\fr-fr 2008-10-21 11:53:55 ----D---- C:\WINDOWS\peernet 2008-10-21 11:53:55 ----D---- C:\Program Files\Movie Maker 2008-10-21 11:51:49 ----D---- C:\WINDOWS\system32\Restore 2008-10-21 11:51:49 ----D---- C:\WINDOWS\system32\npp 2008-10-21 11:51:48 ----D---- 
C:\WINDOWS\msagent 2008-10-21 11:51:47 ----D---- C:\WINDOWS\srchasst 2008-10-21 11:51:47 ----D---- C:\Program Files\NetMeeting 2008-10-21 11:51:46 ----D---- C:\WINDOWS\system32\Com 2008-10-21 11:51:44 ----D---- C:\Program Files\Windows NT 2008-10-21 11:51:42 ----D---- C:\Program Files\Fichiers communs\System 2008-10-21 11:51:28 ----D---- C:\WINDOWS\system32\oobe 2008-10-21 11:51:26 ----D---- C:\WINDOWS\system 2008-10-21 11:49:40 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-10-21 11:49:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-10-17 02:02:50 ----D---- C:\Program Files\Internet Explorer 2008-10-17 02:02:43 ----D---- C:\WINDOWS\ie7updates 2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-07 20:19:40 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912] R1 SSHDRV85;SSHDRV85; \??\C:\WINDOWS\system32\drivers\SSHDRV85.sys [] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMon2;avast! 
Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152] R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\system32\DRIVERS\itchfltr.sys [2004-03-10 12953] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-28 6807328] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-05-17 33280] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-05-17 12928] R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-10-12 490776] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976] S3 LVMVDrv;Logitech Machine Vision Engine Loader; 
C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-28 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 LVCOMSer;LVCOMSer; C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848] S2 NeroNET;NeroNET; C:\Program Files\Ahead\NeroNET\NeroNET.exe -w [] S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2007-11-13 69120] S3 NBService;NBService; D:\logiciels & drivers\nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] -----------------EOF-------------- info.txt logfile of random's system information tool 1.04 2008-11-03 18:50:26 ======Uninstall list====== -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL 
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->D:\logiciels & drivers\nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall 
{430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Archiveur WinRAR-->D:\logiciels & drivers\winrar\uninstall.exe Ask Toolbar-->rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup CCleaner (remove only)-->"D:\logiciels & drivers\ccleaner\uninst.exe" CEP - Color Enable Package-->"d:\PROGRA~1\EAGAME~1\zCEP_Uninstaller\unins000.exe" Coffret de pilotes Logitech QuickCam-->"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Fichiers communs\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Easy CD-DA Extractor 6-->C:\WINDOWS\iun6002.exe "D:\logiciels & drivers\Easy CD-DA Extractor 6.0\irunin.ini" eMule-->"C:\Program Files\eMule\Uninstall.exe" HijackThis 2.0.2-->"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.500\HijackThis.exe" /uninstall Java 6 Update 2-->MsiExec.exe 
/I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Les Sims 2 Fun en Famille Kit-->d:\Program Files\EA GAMES\Les Sims 2 Fun en Famille Kit\EAUninstall.exe Les Sims 2 : La bonne affaire-->d:\Program Files\EA GAMES\Les Sims 2 La bonne affaire\EAUninstall.exe Les Sims 2-->d:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe Les Sims™ 2 Kit Glamour-->D:\Program Files\EA GAMES\EAUninstall.exe Logiciel iTouch de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x40c UNINSTALL Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe 
/X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité 
pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1} Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_fre.exe Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47} Nokia Software Updater-->MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u 
C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930} Perimeter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3D5D8C4-122F-41C3-BB03-B738601615EE}\Setup.exe" -l0x40c PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall Quick Zip 4.60.018-->"D:\logiciels & drivers\QuickZip4\unins000.exe" Sacred-->"D:\mes documents\jeux dede\Sacred\Sacred\unins000.exe" SC Ver 2.58-->"D:\logiciels & drivers\ds\SC\unins000.exe" Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package 
{90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41} Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Star Wars Empire at War Forces of Corruption-->C:\Program Files\InstallShield Installation Information\{6592FDEC-2C1A-413A-9985-25FEC2F0848D}\setup.exe -runfromtemp -l0x040c -removeonly Star Wars Empire at War-->C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe -runfromtemp -l0x040c -removeonly SweetIM for Messenger 2.5-->MsiExec.exe /X{EC6BD2CC-2DCF-4AD8-A8DD-DF89D29EEF3F} SweetIM Toolbar for Internet Explorer 3.1-->MsiExec.exe /X{59971D79-8111-42C2-9E40-883A0C277E78} TomTom HOME-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe Total Annihilation-->D:\MES DOCUMENTS\JEUX DEDE\TOTAL\CAVEDOG\TOTALA\setup.exe -u Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for 
Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9} VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VideoLAN VLC media player 0.8.6c-->D:\logiciels & drivers\vlc\uninstall.exe Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Zuma Deluxe RA-->D:\PROGRA~1\Zuma\ZUMADE~1\UNWISE.EXE D:\PROGRA~1\Zuma\ZUMADE~1\INSTALL.LOG ======Security center information====== AV: avast! antivirus 4.8.1229 [VPS 081102-0] ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2c02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF----------------- -
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Malware Analysis and Removal
Hello again, and thanks for the help. For MBAM, I had redone the procedure and deleted at the end. Since I'm a bit blonde, I only realized it afterwards. So I no longer have a report to send (at least it doesn't offer me one). For Toolbar S&D, here is the report:

-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron Processor 3000+ )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081102-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:11 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:137 Go (Free:114 Go)
E:\ (Local Disk) - NTFS - Total:117 Go (Free:73 Go)
F:\ (Local Disk) - NTFS - Total:115 Go (Free:68 Go)
G:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [2] ( 03/11/2008|16:35 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.msn.com/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008|15:26 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 03/11/2008|16:37 - Option : [2]

-----------\\ Fin du rapport a 16:37:00,07

Finally, I did the procedure for the desktop and still nothing... I'm desperate.
-
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Malware Analysis and Removal
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1358
Windows 5.1.2600 Service Pack 3

03/11/2008 15:30:56
mbam-log-2008-11-03 (15-30-51).txt

Type de recherche: Examen rapide
Eléments examinés: 52590
Temps écoulé: 3 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\asc3550p (Rootkit.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf replied to a topic by Delf in Malware Analysis and Removal
-----------\\ ToolBar S&D 1.2.4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron Processor 3000+ )
BIOS : Default System BIOS
USER : Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081102-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:11 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:137 Go (Free:114 Go)
E:\ (Local Disk) - NTFS - Total:117 Go (Free:73 Go)
F:\ (Local Disk) - NTFS - Total:115 Go (Free:68 Go)
G:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
Option : [1] ( 03/11/2008|15:25 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\WINDOWS\iun6002.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.msn.com/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://fr.msn.com/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2008|15:26 - Option : [1]

-----------\\ Fin du rapport a 15:26:15,18
-
Solved :-) Infected PC, I don't know what to do Solved :-)
Delf posted a topic in Malware Analysis and Removal
Hello, I have a problem with my PC, which must be infected. I ran a scan with HijackThis; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:16, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\logiciels & drivers\winrar\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.500\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\logiciels & drivers\tomtom GO\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [msnmsgr] ~"C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "D:\logiciels & drivers\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "D:\logiciels & drivers\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 
C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.secuser.com O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/121...IPSUploader.cab O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - D:\logiciels & drivers\nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 8170 bytes Que dois-je faire ? L'arrière plan de mon bureau est bloqué, c'est trop laid et ça fait mal aux yeux. J'utilise avast mais apparemment ça ne protège pas... Merci d'une réponse rapide