
Alert security = yellow triangle

Last reply on 19 Dec 2007 at 19:26:21

marina, 26 Nov 2007 at 18:06:59

Hello,
I'm asking for your help. A few days ago my daughter accepted the well-known Nokia file from MSN, and since then there has been nothing but problems. Right now there is a yellow triangle with an exclamation mark at the bottom right, with lots of messages, and web pages that open to download antivirus programs, etc. I don't accept anything, of course, but nothing helps and it doesn't go away. I ran Spyware Doctor: nothing; adware: nothing; CCleaner: nothing. I don't know what to do any more. Thanks in advance for your help, because computers and I don't get along. marina

Configuration: Windows XP
Internet Explorer 7.0


1

jlpjlp, 26 Nov 2007 at 18:15:02

Hi,
Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, run option N
- Save this report, then copy and paste it on the forum.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting normally.

___________________


Post a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


I recommend renaming HijackThis, to counter a possible Vundo infection.

E.g.: rename the file HijackThis.exe to eden.exe. To do this, right-click the file HijackThis.exe and choose Rename from the list.

Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.


2

g!rly, 26 Nov 2007 at 18:15:28

Hello,

Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, a message will say so, and you only need to press a key to start the cleanup

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode.

- The report will be saved in the same folder as MSNFix, named in the form date_time.txt


http://www.infos-du-net.com/telecharger/Clean-LiveKill-Messenger,0305-12188.html

and

download SmitfraudFix:

With screenshots:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

Double-click smitfraudfix.cmd and choose option 1;
this will generate a report.

Copy and paste the report on the forum, please.

Post both reports here, please.

@+
The best way to turn a woman's head is to tell her she has a lovely profile


3

marina, 26 Nov 2007 at 20:55:36

Here is the report, and thank you for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:35, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qhrwmgwr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fyjenurg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fyjenurg.dll"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Ptei] "C:\PROGRA~1\SMANTE~1\attrib.exe" -vt yazb
O4 - Startup: PPControl.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamekult.metaboli.fr/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
End of file - 10575 bytes


4

marina, 26 Nov 2007 at 20:57:09

And here is the one from MSNFix


MSNFix 1.567

C:\Documents and Settings\ANNA\Bureau\MSNFix
Fix exécuté le 26/11/2007 - 20:49:41,76 By ANNA
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\cookies.ini

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\cookies.ini



************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\thesims2_update.exe] 4210359A62B1B494013B78A0B3F1CA64

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\ANNA\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 26112007_20534773.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


5

g!rly, 26 Nov 2007 at 21:29:27

Re,

Can you send this file: C:\thesims2_update.exe

by means of this zip: C:\DOCUME~1\ANNA\Bureau\Upload_Me.zip

to the following address, please: http://upload.changelog.fr

Then do this:

have the same file (C:\thesims2_update.exe) analysed on this site and post the report here

http://www.virustotal.com/fr/

then

Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt announcing that your PC is going to restart; click OK
* Copy and paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, in your next reply

Note: VundoFix may encounter a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

and post a HijackThis log again, with the VirusTotal report

@+
The best way to turn a woman's head is to tell her she has a lovely profile


6

marina, 26 Nov 2007 at 22:10:43

The report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:28, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {de4192dd-7aa3-c519-af24-b7d799268b22} - {22b86299-7d7b-42fa-915c-3aa7dd2914ed} - C:\WINDOWS\system32\jxcbeynb.dll
O2 - BHO: (no name) - {2C45DAA2-2ABF-4D05-A606-D4A85AE2074E} - C:\WINDOWS\system32\efecd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7690710C-1A33-4D05-B860-1730FE652B77} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A} - (no file)
O2 - BHO: (no name) - {B98B4120-018E-4C17-9496-7705DE0F1216} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fyjenurg] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fyjenurg.dll"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Ptei] "C:\PROGRA~1\SMANTE~1\attrib.exe" -vt yazb
O4 - Startup: PPControl.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamekult.metaboli.fr/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: xxyawvu - xxyawvu.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
End of file - 11644 bytes


Here is the other one


VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 21:40:37 26/11/2007

Listing files found while scanning....

C:\windows\system32\__c0017A4.dat
C:\windows\system32\dcefe.bak1
C:\windows\system32\dcefe.bak2
C:\windows\system32\dcefe.ini
C:\windows\system32\divungjf.dll
C:\windows\system32\efecd.dll
C:\windows\system32\guscwddl.dllbox
C:\windows\system32\ipqvurfg.dll
C:\windows\system32\jgfgmnql.dll
C:\windows\system32\lacodmct.dll
C:\WINDOWS\system32\qhrwmgwr.dll
C:\windows\system32\qhrwmgwr.dllbox
C:\windows\system32\swlrokjp.dll

Beginning removal...

Attempting to delete C:\windows\system32\__c0017A4.dat
C:\windows\system32\__c0017A4.dat Has been deleted!

Attempting to delete C:\windows\system32\dcefe.bak1
C:\windows\system32\dcefe.bak1 Has been deleted!

Attempting to delete C:\windows\system32\dcefe.bak2
C:\windows\system32\dcefe.bak2 Has been deleted!

Attempting to delete C:\windows\system32\dcefe.ini
C:\windows\system32\dcefe.ini Has been deleted!

Attempting to delete C:\windows\system32\divungjf.dll
C:\windows\system32\divungjf.dll Has been deleted!

Attempting to delete C:\windows\system32\efecd.dll
C:\windows\system32\efecd.dll Has been deleted!

Attempting to delete C:\windows\system32\guscwddl.dllbox
C:\windows\system32\guscwddl.dllbox Has been deleted!

Attempting to delete C:\windows\system32\ipqvurfg.dll
C:\windows\system32\ipqvurfg.dll Has been deleted!

Attempting to delete C:\windows\system32\jgfgmnql.dll
C:\windows\system32\jgfgmnql.dll Has been deleted!

Attempting to delete C:\windows\system32\lacodmct.dll
C:\windows\system32\lacodmct.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qhrwmgwr.dll
C:\WINDOWS\system32\qhrwmgwr.dll Has been deleted!

Attempting to delete C:\windows\system32\qhrwmgwr.dllbox
C:\windows\system32\qhrwmgwr.dllbox Has been deleted!

Attempting to delete C:\windows\system32\swlrokjp.dll
C:\windows\system32\swlrokjp.dll Has been deleted!

Performing Repairs to the registry.
Done!


Thanks in advance

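The cross-check a helper makes by eye between the two HijackThis logs and the VundoFix report above, written out as an added Python example (not part of the thread and not code from any of the tools): it lists the O2/O3/O20 entries that HijackThis marks `(file missing)` or `(no file)` and says whether VundoFix reported deleting the file. The log excerpts are copied from the posts above; the function names and status strings are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Excerpts copied from the reports posted in this thread (not the full logs).
HJT_BEFORE = r"""
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\qhrwmgwr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
"""
HJT_AFTER = r"""
O2 - BHO: (no name) - {2C45DAA2-2ABF-4D05-A606-D4A85AE2074E} - C:\WINDOWS\system32\efecd.dll (file missing)
O2 - BHO: (no name) - {7690710C-1A33-4D05-B860-1730FE652B77} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O20 - Winlogon Notify: xxyawvu - xxyawvu.dll (file missing)
"""
VUNDOFIX = r"""
Attempting to delete C:\windows\system32\efecd.dll
C:\windows\system32\efecd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qhrwmgwr.dll
C:\WINDOWS\system32\qhrwmgwr.dll Has been deleted!
"""

# Status strings are this example's own wording, not tool output.
DELETED = "file deleted by VundoFix, entry still listed"
ABSENT = "file absent, not in the VundoFix report"
UNKNOWN = "no file path in either log"


class Entry(NamedTuple):
    section: str            # "O2" (BHO), "O3" (toolbar) or "O20" (Winlogon Notify)
    name: str
    clsid: Optional[str]    # upper-cased GUID; None for O20 lines
    path: Optional[str]     # None when HijackThis printed "(no file)"
    missing: bool


# "<section> - <kind>: <name> - [{CLSID} - ]<target>"
LINE = re.compile(
    r"^(O2|O3|O20) - [^:]+: (.*?) - (?:(\{[0-9A-Fa-f-]{36}\}) - )?(.*)$")


def parse_hjt(text: str) -> list:
    """Parse the O2/O3/O20 lines of a HijackThis log into Entry tuples."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        section, name, clsid, target = m.groups()
        no_file = target == "(no file)"
        missing = no_file or target.endswith("(file missing)")
        path = None if no_file else target.replace("(file missing)", "").strip()
        entries.append(Entry(section, name, clsid.upper() if clsid else None,
                             path, missing))
    return entries


def deleted_by_vundofix(text: str) -> set:
    """Paths from the '<path> Has been deleted!' lines, case-normalised."""
    return {ntpath.normcase(m.group(1).strip())
            for m in re.finditer(r"^(.+?) Has been deleted!\s*$", text, re.M)}


def explain_orphans(before: str, after: str, vundofix: str) -> list:
    """For each entry marked missing in the later log, report its last known
    file (from the later log, else from the same CLSID in the earlier log)
    and whether VundoFix reported deleting that file."""
    earlier = {e.clsid: e.path for e in parse_hjt(before)
               if e.clsid and e.path and not e.missing}
    deleted = deleted_by_vundofix(vundofix)
    rows = []
    for e in parse_hjt(after):
        if not e.missing:
            continue
        last_path = e.path or earlier.get(e.clsid)
        if last_path is None:
            status = UNKNOWN
        elif ntpath.normcase(last_path) in deleted:
            status = DELETED
        else:
            status = ABSENT
        rows.append((e.section, e.clsid or e.name, last_path, status))
    return rows


if __name__ == "__main__":
    for row in explain_orphans(HJT_BEFORE, HJT_AFTER, VUNDOFIX):
        print(row)
```
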

7

g!rly, 26 Nov 2007 at 22:13:02

Let's continue,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy and paste this report in your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

@+
The best way to turn a woman's head is to tell her she has a lovely profile


8

marina, 26 Nov 2007 at 23:25:41

Here is the report

ComboFix 07-11-19.4 - ANNA 2007-11-26 23:20:27.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.223 [GMT 1:00]
Running from: C:\Documents and Settings\ANNA\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\ANNA\Favoris\Online Security Guide.lnk
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe
C:\Program Files\smante~1
C:\Program Files\smante~1\S?mantec\

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
.

2007-11-26 21:40 <REP> d-------- C:\VundoFix Backups
2007-11-26 20:39 <REP> d-------- C:\Program Files\Trend Micro
2007-11-26 17:09 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-26 17:09 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-26 17:09 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-26 17:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-26 17:08 <REP> d-------- C:\Program Files\Spyware Doctor
2007-11-26 13:06 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-26 11:12 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 08:15 80,960 --a------ C:\WINDOWS\system32\jxcbeynb.dll
2007-11-26 08:10 1,168,955 ---hs---- C:\WINDOWS\system32\yehctblc.ini
2007-11-26 08:07 <REP> d-------- C:\WINDOWS\system32\tnrtmwuk
2007-11-24 14:01 1,352,957 ---hs---- C:\WINDOWS\system32\hnhkavvt.ini
2007-11-24 13:58 81,472 --a------ C:\WINDOWS\system32\ilsqvvyi.dll
2007-11-22 17:22 79,936 --a------ C:\WINDOWS\system32\murnqpsp.dll
2007-11-22 17:18 1,004,368 ---hs---- C:\WINDOWS\system32\pgykbnbu.ini
2007-11-22 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-18 18:58 79,424 --a------ C:\WINDOWS\system32\ydsrbxvb.dll
2007-11-18 18:55 737,138 ---hs---- C:\WINDOWS\system32\niojyxbp.ini
2007-11-12 18:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-12 18:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-12 18:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-12 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-12 18:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-12 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-12 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-12 14:51 582,995 ---hs---- C:\WINDOWS\system32\qkbqbdcs.ini
2007-11-12 14:44 81,472 --a------ C:\WINDOWS\system32\soxeqqrx.dll
2007-11-12 13:54 <REP> d-------- C:\Program Files\Runtime Software
2007-11-12 10:56 1,024 --a------ C:\WINDOWS\system32\drivers\DCF1518D-AE04-44E5-A398-2B2579435BD4.cxv
2007-11-12 10:38 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-12 10:22 10,240 --a------ C:\WINDOWS\system32\drivers\63C1D9DE-045B-4F3E-A220-8CAB6453DA8F.cxv
2007-11-12 10:18 <REP> d-------- C:\Program Files\STOPzilla!
2007-11-12 10:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-12 02:34 2,432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-12 02:34 353 ---hs---- C:\WINDOWS\system32\xxyxx.ini
2007-11-12 02:29 <REP> d-------- C:\WINDOWS\system32\bfeguufo
2007-11-12 02:29 <REP> d-------- C:\Program Files\rexunuxy
2007-11-12 02:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-12 01:39 <REP> d-------- C:\Documents and Settings\ANNA\Application Data\PC Tools
2007-11-10 02:36 <REP> d-------- C:\Program Files\RegCleaner
2007-11-10 02:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-10 01:22 <REP> d-------- C:\Documents and Settings\ANNA\Application Data\MSNInstaller
2007-11-10 01:14 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-10 01:03 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-10 00:39 <REP> d-------- C:\Program Files\Windows Live
2007-11-10 00:39 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-10 00:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-09 01:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-09 00:32 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-11-09 00:32 71,749 --a------ C:\WINDOWS\hcextoutput.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 22:18 --------- d-----w C:\Program Files\PestPatrol
2007-11-26 21:07 --------- d-----w C:\Program Files\Wanadoo
2007-11-26 19:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-26 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-26 16:01 --------- d-----w C:\Program Files\Google
2007-11-26 07:26 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-24 23:48 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-11-24 23:48 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-11-22 15:59 --------- d-----w C:\Documents and Settings\ANNA\Application Data\uTorrent
2007-11-22 15:48 --------- d-----w C:\Program Files\LogProtect
2007-11-12 21:35 --------- d-----w C:\Program Files\eMule
2007-11-12 20:56 --------- d-----w C:\Program Files\a-squared Free
2007-11-12 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 18:26 --------- d-----w C:\Program Files\Ontrack
2007-11-12 12:54 --------- d-----w C:\Program Files\PowerArchiver
2007-11-12 11:06 --------- d-----w C:\Program Files\Ahead
2007-11-12 11:06 --------- d-----w C:\Documents and Settings\ANNA\Application Data\Ahead
2007-11-12 10:10 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-11 23:53 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-10 00:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-10 00:43 --------- d-----w C:\Program Files\MSN Messenger
2007-11-09 23:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-08 23:31 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-11-08 23:31 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-11-08 23:31 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-11-08 17:00 --------- d-----w C:\Program Files\Macrogaming
2007-11-08 15:09 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-08 20:52 --------- d-----w C:\Program Files\Wizards of the Coast
2007-09-14 08:37 45,192 ----a-w C:\WINDOWS\system32\MsgPlusLoader.dll
2006-04-19 21:41 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22b86299-7d7b-42fa-915c-3aa7dd2914ed}]
2007-11-26 08:16 80960 --a------ C:\WINDOWS\system32\jxcbeynb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C45DAA2-2ABF-4D05-A606-D4A85AE2074E}]
C:\WINDOWS\system32\efecd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7690710C-1A33-4D05-B860-1730FE652B77}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B98B4120-018E-4C17-9496-7705DE0F1216}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2002-05-02 09:57]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 13:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 21:41]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" []
"Ptei"="C:\PROGRA~1\SMANTE~1\attrib.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"C-Media Mixer"="Mixer.exe" [2001-12-07 16:24 C:\WINDOWS\Mixer.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-08-05 09:11]
"PestPatrol Control Center"="C:\Program Files\PESTPA~1\PPControl.exe" [2003-08-05 09:11]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2003-08-05 09:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-09 01:17]

C:\Documents and Settings\ANNA\Menu D‚marrer\Programmes\D‚marrage\
PPControl.lnk - C:\Documents and Settings\ANNA\Application Data\Microsoft\Installer\{FA1B3B7A-98D0-4F54-B555-7711A6E54544}\IconFA1B3B7A.exe [2005-03-23 00:49:53]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-13 01:44:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawvu]
xxyawvu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6PV_0001_N91M2107]
C:\DOCUME~1\ANNA\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O9GJSB8B\WinAntiVirusPro2006FreeInstall_fr
[1].exe -nag

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88172.sys
S3 oUltraf;oUltraf;\??\C:\DOCUME~1\ANNA\LOCALS~1\Temp\oUltraf.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys
S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;C:\WINDOWS\system32\DRIVERS\usbgx_2.sys
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys
S3 wanusb;ECI Telecom USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-26 22:00:00 C:\WINDOWS\Tasks\AF9263E490021B9C.job"
- c:\docume~1\anna\applic~1\inside~1\meow 4 view.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-26 23:23:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus Photo R300 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"?????E????????????a?w????????????????p????????????????????b?w????p???????????8???????????h??w????p???????z??wp???????????)??|???????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-26 23:24:42
.
--- E O F ---


9

g!rly, 26 Nov 2007 at 23:32:01

Re,

* Run VundoFix again
* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click Add more files?
* Copy/paste the files below (one per box):

C:\WINDOWS\system32\jxcbeynb.dll
C:\WINDOWS\system32\efecd.dll
C:\WINDOWS\system32\xxyawvu.dll

* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report

Then empty your temporary files with this:

http://www.infos-du-net.com/telecharger/ATF-Cleaner,0301-10869.html

Tutorial:

http://www.infosecu.fr/atf.html

Post the VundoFix report


10

marina, 26 Nov 2007 at 23:50:36

VundoFix V6.6.2

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 21:40:37 26/11/2007

Listing files found while scanning....

C:\windows\system32\__c0017A4.dat
C:\windows\system32\dcefe.bak1
C:\windows\system32\dcefe.bak2
C:\windows\system32\dcefe.ini
C:\windows\system32\divungjf.dll
C:\windows\system32\efecd.dll
C:\windows\system32\guscwddl.dllbox
C:\windows\system32\ipqvurfg.dll
C:\windows\system32\jgfgmnql.dll
C:\windows\system32\lacodmct.dll
C:\WINDOWS\system32\qhrwmgwr.dll
C:\windows\system32\qhrwmgwr.dllbox
C:\windows\system32\swlrokjp.dll

Beginning removal...

Attempting to delete C:\windows\system32\__c0017A4.dat
C:\windows\system32\__c0017A4.dat Has been deleted!

Attempting to delete C:\windows\system32\dcefe.bak1
C:\windows\system32\dcefe.bak1 Has been deleted!

Attempting to delete C:\windows\system32\dcefe.bak2
C:\windows\system32\dcefe.bak2 Has been deleted!

Attempting to delete C:\windows\system32\dcefe.ini
C:\windows\system32\dcefe.ini Has been deleted!

Attempting to delete C:\windows\system32\divungjf.dll
C:\windows\system32\divungjf.dll Has been deleted!

Attempting to delete C:\windows\system32\efecd.dll
C:\windows\system32\efecd.dll Has been deleted!

Attempting to delete C:\windows\system32\guscwddl.dllbox
C:\windows\system32\guscwddl.dllbox Has been deleted!

Attempting to delete C:\windows\system32\ipqvurfg.dll
C:\windows\system32\ipqvurfg.dll Has been deleted!

Attempting to delete C:\windows\system32\jgfgmnql.dll
C:\windows\system32\jgfgmnql.dll Has been deleted!

Attempting to delete C:\windows\system32\lacodmct.dll
C:\windows\system32\lacodmct.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qhrwmgwr.dll
C:\WINDOWS\system32\qhrwmgwr.dll Has been deleted!

Attempting to delete C:\windows\system32\qhrwmgwr.dllbox
C:\windows\system32\qhrwmgwr.dllbox Has been deleted!

Attempting to delete C:\windows\system32\swlrokjp.dll
C:\windows\system32\swlrokjp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jxcbeynb.dll
C:\WINDOWS\system32\jxcbeynb.dll Has been deleted!

Performing Repairs to the registry.
Done!


11

g!rly, 26 Nov 2007 at 23:55:48

Re,

You posted the same report as before.

You must have another one?

C:\vundofix.txt

12

marina, 26 Nov 2007 at 23:59:45

No, I have nothing. I did the procedure you told me, the one below, and the tool asked for a restart and nothing else. What should I do???

* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report


13

g!rly, 27 Nov 2007 at 00:26:35

Re,

Please post a ComboFix report again


14

marina, 27 Nov 2007 at 00:27:04

Sorry, I have just seen it, here it is


Beginning removal...

Performing Repairs to the registry.
Done!



1 = However, what should I do with all the installed programs and the folders that were created? Do I leave them or delete them?

2 = I have another problem: I am trying to restore the backup of my registry and it tells me it is impossible because not all the data was correctly written to the registry. Some keys are open by the system or by other processes.


So, what should I do? Thanks in advance


15

g!rly, 27 Nov 2007 at 00:30:13

1 For now, do not delete anything
2 Above all, do not attempt a registry restore, because that would reinject the infected keys

Please post a ComboFix report again


16

marina, 27 Nov 2007 at 00:34:52

ComboFix 07-11-19.4 - ANNA 2007-11-27 0:28:51.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.237 [GMT 1:00]
Running from: C:\Documents and Settings\ANNA\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
.

2007-11-26 23:29 467,632 --a------ C:\WINDOWS\system32\perfh040.dat
2007-11-26 23:29 74,326 --a------ C:\WINDOWS\system32\perfc040.dat
2007-11-26 21:40 <REP> d-------- C:\VundoFix Backups
2007-11-26 20:39 <REP> d-------- C:\Program Files\Trend Micro
2007-11-26 17:09 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-26 17:09 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-26 17:09 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-26 17:09 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-26 17:08 <REP> d-------- C:\Program Files\Spyware Doctor
2007-11-26 13:06 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-26 11:12 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 08:10 1,168,955 ---hs---- C:\WINDOWS\system32\yehctblc.ini
2007-11-26 08:07 <REP> d-------- C:\WINDOWS\system32\tnrtmwuk
2007-11-25 00:47 <REP> d-------- C:\WINDOWS\AU_Temp
2007-11-24 14:01 1,352,957 ---hs---- C:\WINDOWS\system32\hnhkavvt.ini
2007-11-24 13:58 81,472 --a------ C:\WINDOWS\system32\ilsqvvyi.dll
2007-11-22 17:22 79,936 --a------ C:\WINDOWS\system32\murnqpsp.dll
2007-11-22 17:18 1,004,368 ---hs---- C:\WINDOWS\system32\pgykbnbu.ini
2007-11-22 17:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-18 18:58 79,424 --a------ C:\WINDOWS\system32\ydsrbxvb.dll
2007-11-18 18:55 737,138 ---hs---- C:\WINDOWS\system32\niojyxbp.ini
2007-11-12 18:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-12 18:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-12 18:21 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-12 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-12 18:21 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-12 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-12 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-12 14:51 582,995 ---hs---- C:\WINDOWS\system32\qkbqbdcs.ini
2007-11-12 14:44 81,472 --a------ C:\WINDOWS\system32\soxeqqrx.dll
2007-11-12 13:54 <REP> d-------- C:\Program Files\Runtime Software
2007-11-12 10:56 1,024 --a------ C:\WINDOWS\system32\drivers\DCF1518D-AE04-44E5-A398-2B2579435BD4.cxv
2007-11-12 10:38 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-12 10:22 10,240 --a------ C:\WINDOWS\system32\drivers\63C1D9DE-045B-4F3E-A220-8CAB6453DA8F.cxv
2007-11-12 10:18 <REP> d-------- C:\Program Files\STOPzilla!
2007-11-12 10:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-12 02:34 2,432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-12 02:34 353 ---hs---- C:\WINDOWS\system32\xxyxx.ini
2007-11-12 02:29 <REP> d-------- C:\WINDOWS\system32\bfeguufo
2007-11-12 02:29 <REP> d-------- C:\Program Files\rexunuxy
2007-11-12 02:21 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-12 01:39 <REP> d-------- C:\Documents and Settings\ANNA\Application Data\PC Tools
2007-11-10 02:36 <REP> d-------- C:\Program Files\RegCleaner
2007-11-10 02:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-10 01:22 <REP> d-------- C:\Documents and Settings\ANNA\Application Data\MSNInstaller
2007-11-10 01:14 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-10 01:03 <REP> d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-10 00:39 <REP> d-------- C:\Program Files\Windows Live
2007-11-10 00:39 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-10 00:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-09 01:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-09 00:32 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-11-09 00:32 267,845 --a------ C:\WINDOWS\tsc.exe
2007-11-09 00:32 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-11-09 00:32 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-11-09 00:31 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-11-09 00:31 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-11-09 00:31 69,689 --a------ C:\WINDOWS\UNZIP.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-26 23:21 --------- d-----w C:\Program Files\PestPatrol
2007-11-26 23:20 --------- d-----w C:\Program Files\Wanadoo
2007-11-26 19:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-26 16:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-26 16:01 --------- d-----w C:\Program Files\Google
2007-11-26 07:26 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-22 15:59 --------- d-----w C:\Documents and Settings\ANNA\Application Data\uTorrent
2007-11-22 15:48 --------- d-----w C:\Program Files\LogProtect
2007-11-12 21:35 --------- d-----w C:\Program Files\eMule
2007-11-12 20:56 --------- d-----w C:\Program Files\a-squared Free
2007-11-12 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-12 18:26 --------- d-----w C:\Program Files\Ontrack
2007-11-12 12:54 --------- d-----w C:\Program Files\PowerArchiver
2007-11-12 11:06 --------- d-----w C:\Program Files\Ahead
2007-11-12 11:06 --------- d-----w C:\Documents and Settings\ANNA\Application Data\Ahead
2007-11-12 10:10 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-11-11 23:53 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
2007-11-10 00:55 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-11-10 00:43 --------- d-----w C:\Program Files\MSN Messenger
2007-11-09 23:33 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-08 17:00 --------- d-----w C:\Program Files\Macrogaming
2007-11-08 15:09 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-08 20:52 --------- d-----w C:\Program Files\Wizards of the Coast
2007-09-14 08:37 45,192 ----a-w C:\WINDOWS\system32\MsgPlusLoader.dll
2006-04-19 21:41 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2007-11-26_23.23.53,98 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-26 16:10:28 61,476 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-26 23:25:12 61,476 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-26 16:10:28 401,932 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-26 23:25:12 401,932 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-11-26 21:06:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat
+ 2007-11-26 23:19:39 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_534.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22b86299-7d7b-42fa-915c-3aa7dd2914ed}]
C:\WINDOWS\system32\jxcbeynb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C45DAA2-2ABF-4D05-A606-D4A85AE2074E}]
C:\WINDOWS\system32\efecd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7690710C-1A33-4D05-B860-1730FE652B77}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B98B4120-018E-4C17-9496-7705DE0F1216}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [2002-05-02 09:57]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 13:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 21:41]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" []
"Ptei"="C:\PROGRA~1\SMANTE~1\attrib.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"C-Media Mixer"="Mixer.exe" [2001-12-07 16:24 C:\WINDOWS\Mixer.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [2003-09-11 04:00]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-08-05 09:11]
"PestPatrol Control Center"="C:\Program Files\PESTPA~1\PPControl.exe" [2003-08-05 09:11]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2003-08-05 09:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-09 01:17]

C:\Documents and Settings\ANNA\Menu D‚marrer\Programmes\D‚marrage\
PPControl.lnk - C:\Documents and Settings\ANNA\Application Data\Microsoft\Installer\{FA1B3B7A-98D0-4F54-B555-7711A6E54544}\IconFA1B3B7A.exe [2005-03-23 00:49:53]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-13 01:44:38]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\guscwddl]
guscwddl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qhrwmgwr]
qhrwmgwr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawvu]
xxyawvu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6PV_0001_N91M2107]
C:\DOCUME~1\ANNA\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O9GJSB8B\WinAntiVirusPro2006FreeInstall_fr
[1].exe -nag

R0 UNPR;UNPR;C:\WINDOWS\system32\unpr.sys
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS
R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys
S2 CINEMSUP;Software Cinemaster NT4.0 Driver;C:\WINDOWS\system32\DRIVERS\CINEMSUP.SYS
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88172.sys
S3 oUltraf;oUltraf;\??\C:\DOCUME~1\ANNA\LOCALS~1\Temp\oUltraf.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys
S3 USBSHGX;SHARP GSM GPRS USB Driver 2.1.0;C:\WINDOWS\system32\DRIVERS\usbgx_2.sys
S3 viafilter;VIA USB Filter;C:\WINDOWS\system32\Drivers\viausb1.sys
S3 wanusb;ECI Telecom USB ADSL WAN Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-26 23:00:00 C:\WINDOWS\Tasks\AF9263E490021B9C.job"
- c:\docume~1\anna\applic~1\inside~1\meow 4 view.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-27 00:32:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-27 0:33:44
.
--- E O F ---


17

g!rly, 27 Nov 2007 at 00:50:01

Re,

Fix.reg

Open Notepad (right-click on the desktop > in the menu choose New, then New text document) and copy and paste what is quoted below (copy it all in one go, without the bars (X)):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22b86299-7d7b-42fa-915c-3aa7dd2914ed}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C45DAA2-2ABF-4D05-A606-D4A85AE2074E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7690710C-1A33-4D05-B860-1730FE652B77}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B98B4120-018E-4C17-9496-7705DE0F1216}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\guscwddl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qhrwmgwr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyawvu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWA6PV_0001_N91M2107]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Note: REGEDIT4 must be on the first line in Notepad, and there is a blank line at the end

Then click "File" / "Save as":
In: on the Desktop
File name: fix.reg
File type: "All files"
Click "Save"

It should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

Disconnect from the Internet and double-click fix.reg => you must get a message "Are you sure you want to add the information contained in this .reg file to the registry?"
If that is the case, click "Yes"

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\WINDOWS\system32\jxcbeynb.dll
C:\WINDOWS\system32\efecd.dll
C:\DOCUME~1\ANNA\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\O9GJSB8B\WinAntiVirusPro2006FreeInstall_fr

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
PS: you may be asked to restart the PC to finish the removal. If so, accept with Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

Download ComboScan to your Desktop, at the bottom of this page, by clicking download file

-> http://www.geekstogo.com/forum/index.php?automodule=downloads&showfile=19

Close all running applications: antivirus, firewall, etc.
Double-click comboscan.exe; in the window that appears, click OK.
Be patient...
The Comboscan.txt report will be displayed; copy and paste the contents of this file here.

The report may be long and in two parts; check that it is complete.


Post the OTMoveIt and ComboScan reports

PS: if you don't understand the procedure with "fix.reg", ask before starting

See you later
The best way to turn a woman's head is to tell her she has a lovely profile

Reply to g!rly
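A check that can be run on a hand-written .reg file, such as the fix.reg in the post above, before it is imported. This is an added example and not part of the original post. The function name `lint_reg` and the GUIDs and key names in the samples are constructed for illustration. It assumes that a `~` path component is a scan report's abbreviation, which a .reg import takes literally rather than expanding, so that section would match no real key.

```python
import re

# Root keys that a section header in a .reg file may start with.
ROOTS = {
    "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
    "HKEY_USERS", "HKEY_CURRENT_CONFIG",
}
# Accepted first lines: the Win9x/NT4 format and the Windows 2000+ format.
SIGNATURES = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def lint_reg(text):
    """Return a list of (line_number, severity, message) for a .reg file."""
    text = text.replace("\r\n", "\n")
    lines = text.split("\n")
    findings = []

    if lines[0].strip() not in SIGNATURES:
        findings.append((1, "error", "line 1 is not a .reg signature"))
    if not text.endswith("\n"):
        findings.append((len(lines), "warn", "no blank line at end of file"))

    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line.startswith("["):
            continue  # value lines and blank lines are not checked here
        if not line.endswith("]"):
            findings.append((number, "error",
                             "section header is not closed with ']'"))
            continue
        path = line[1:-1]
        if path.startswith("-"):
            path = path[1:]  # "[-KEY]" means: delete KEY and its subkeys
        parts = path.split("\\")
        if parts[0] not in ROOTS:
            findings.append((number, "error",
                             "unknown root key %r" % parts[0]))
        for part in parts[1:]:
            if part == "~":
                # Assumption: abbreviation copied from a scan report.
                findings.append((number, "error",
                                 "'~' is a report abbreviation, not a key"))
            elif part.startswith("{") and not GUID.match(part):
                findings.append((number, "error",
                                 "malformed GUID %r" % part))
    return findings


# Constructed sample: abbreviated path on line 3, wrong closer on line 4.
SAMPLE = "\n".join([
    "REGEDIT4",
    "",
    r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
    r"\{00000000-0000-0000-0000-000000000001}]",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Example"
    r"\{00000000-0000-0000-0000-000000000002})",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Example\Notify\constructedname]",
    "",
])

# Constructed sample with the Browser Helper Objects path written in full.
FIXED = "\n".join([
    "REGEDIT4",
    "",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
    r"\Explorer\Browser Helper Objects"
    r"\{00000000-0000-0000-0000-000000000001}]",
    "",
])

if __name__ == "__main__":
    for number, severity, message in lint_reg(SAMPLE):
        print("line %d: %s: %s" % (number, severity, message))
```
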

18

marina, 27 Nov 2007 at 01:20:53

Here is the report

Deckard's System Scanner v20071014.68
Run by ANNA on 2007-11-27 01:13:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
48: 2007-11-27 00:13:25 UTC - RP1220 - Deckard's System Scanner Restore Point
47: 2007-11-26 22:19:58 UTC - RP1219 - ComboFix created restore point
46: 2007-11-26 19:06:22 UTC - RP1218 - Spyware Doctor: Cleaning Threats
45: 2007-11-26 16:36:39 UTC - RP1217 - Spyware Doctor: Cleaning Threats
44: 2007-11-26 16:14:02 UTC - RP1216 - Spyware Doctor: Cleaning Threats


-- First Restore Point --
1: 2007-11-08 23:14:54 UTC - RP1173 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ANNA.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:15, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ANNA\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANNA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {de4192dd-7aa3-c519-af24-b7d799268b22} - {22b86299-7d7b-42fa-915c-3aa7dd2914ed} - C:\WINDOWS\system32\jxcbeynb.dll (file missing)
O2 - BHO: (no name) - {2C45DAA2-2ABF-4D05-A606-D4A85AE2074E} - C:\WINDOWS\system32\efecd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7690710C-1A33-4D05-B860-1730FE652B77} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A} - (no file)
O2 - BHO: (no name) - {B98B4120-018E-4C17-9496-7705DE0F1216} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Ptei] "C:\PROGRA~1\SMANTE~1\attrib.exe" -vt yazb
O4 - Startup: PPControl.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamekult.metaboli.fr/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
End of file - 11184 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 UNPR - c:\windows\system32\unpr.sys
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>

S0 ElbyVCD - c:\windows\system32\drivers\elbyvcd.sys (file missing)
S2 CINEMSUP (Software Cinemaster NT4.0 Driver) - c:\windows\system32\drivers\cinemsup.sys (file missing)
S3 AX88172 (ASIX AX88172 USB2 to Fast Ethernet Adapter) - c:\windows\system32\drivers\ax88172.sys <Not Verified; ASIX Electronics Corp.; ASIX AX88172 USB2 to Fast Ethernet Adapter>
S3 catchme - c:\docume~1\anna\locals~1\temp\catchme.sys (file missing)
S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 oUltraf - c:\docume~1\anna\locals~1\temp\oultraf.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys (file missing)
S3 RescueDrv (Inventel Access Point USB Rescue Driver) - c:\windows\system32\drivers\resc_dwb.sys <Not Verified; Inventel; Your Product Name>
S3 USBSHGX (SHARP GSM GPRS USB Driver 2.1.0) - c:\windows\system32\drivers\usbgx_2.sys <Not Verified; SHARP; GX series>
S3 wanusb (ECI Telecom USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FTRTSVC (France Telecom Routing Table Service) - c:\windows\system32\ftrtsvc.exe <Not Verified; France Telecom; FTRTSVC NT Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-27 01:00:00 254 --ah----- C:\WINDOWS\Tasks\AF9263E490021B9C.job


-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-26 23:29:33 467632 --a------ C:\WINDOWS\system32\perfh040.dat
2007-11-26 23:29:33 74326 --a------ C:\WINDOWS\system32\perfc040.dat
2007-11-26 21:40:37 0 d-------- C:\VundoFix Backups
2007-11-26 20:39:09 0 d-------- C:\Program Files\Trend Micro
2007-11-26 17:08:44 0 d-------- C:\Program Files\Spyware Doctor
2007-11-26 12:23:55 0 dr-h----- C:\Documents and Settings\ANNA\Recent
2007-11-26 11:12:09 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 08:07:50 0 d-------- C:\WINDOWS\system32\tnrtmwuk
2007-11-25 00:47:11 0 d-------- C:\WINDOWS\AU_Temp
2007-11-24 13:58:47 81472 --a------ C:\WINDOWS\system32\ilsqvvyi.dll
2007-11-22 17:22:23 79936 --a------ C:\WINDOWS\system32\murnqpsp.dll
2007-11-22 17:08:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-18 23:50:53 8650752 --a------ C:\Documents and Settings\ANNA\ntuser.dat
2007-11-18 18:58:44 79424 --a------ C:\WINDOWS\system32\ydsrbxvb.dll
2007-11-12 18:21:07 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-12 18:21:07 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2007-11-12 18:21:07 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-12 18:21:07 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-11-12 18:21:07 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-12 18:21:06 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2007-11-12 18:21:06 786432 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-12 18:21:06 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-12 18:21:06 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-11-12 14:44:57 81472 --a------ C:\WINDOWS\system32\soxeqqrx.dll
2007-11-12 13:54:51 0 d-------- C:\Program Files\Runtime Software
2007-11-12 10:38:48 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-12 10:18:40 0 d-------- C:\Program Files\STOPzilla!
2007-11-12 10:18:36 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-12 02:34:39 2432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-12 02:29:40 0 d-------- C:\WINDOWS\system32\bfeguufo
2007-11-12 02:29:30 0 d-------- C:\Program Files\rexunuxy
2007-11-12 01:39:57 0 d-------- C:\Documents and Settings\ANNA\Application Data\PC Tools
2007-11-10 02:36:35 0 d-------- C:\Program Files\RegCleaner
2007-11-10 02:06:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-10 01:22:41 0 d-------- C:\Documents and Settings\ANNA\Application Data\MSNInstaller
2007-11-10 01:14:29 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-10 01:03:48 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-10 00:39:38 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-10 00:39:30 0 d-------- C:\Program Files\Windows Live
2007-11-10 00:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-09 01:08:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-09 00:32:46 267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>
2007-11-09 00:32:46 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-11-09 00:32:45 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>
2007-11-09 00:32:45 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>
2007-11-09 00:31:28 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2007-11-09 00:31:28 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-11-09 00:31:27 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-27 01:07:37 0 d-------- C:\Program Files\PestPatrol
2007-11-27 00:51:14 0 d-------- C:\Program Files\Wanadoo
2007-11-26 17:10:28 467632 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-11-26 17:10:28 74326 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-26 17:01:24 0 d-------- C:\Program Files\Google
2007-11-26 08:26:54 0 d-------- C:\Program Files\Hijackthis Version Française
2007-11-25 02:21:44 0 d-------- C:\Program Files\Fichiers communs
2007-11-22 16:59:58 0 d-------- C:\Documents and Settings\ANNA\Application Data\uTorrent
2007-11-22 16:48:09 0 d-------- C:\Program Files\Messenger
2007-11-22 16:48:08 0 d-------- C:\Program Files\LogProtect
2007-11-12 22:35:22 0 d-------- C:\Program Files\eMule
2007-11-12 21:56:12 0 d-------- C:\Program Files\a-squared Free
2007-11-12 19:26:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-12 19:26:48 0 d-------- C:\Program Files\Ontrack
2007-11-12 13:54:24 0 d-------- C:\Program Files\PowerArchiver
2007-11-12 12:06:37 0 d-------- C:\Program Files\Ahead
2007-11-12 12:06:33 0 d-------- C:\Documents and Settings\ANNA\Application Data\Ahead
2007-11-12 11:10:28 0 d-------- C:\Program Files\Fichiers communs\Ahead
2007-11-12 00:53:10 46080 --a------ C:\WINDOWS\system32\ftp.exe
2007-11-10 01:55:23 0 d-------- C:\Program Files\Messenger Plus! Live
2007-11-10 01:43:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-10 00:33:31 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 18:00:46 0 d-------- C:\Program Files\Macrogaming
2007-11-08 16:09:02 0 d-------- C:\Program Files\Fichiers communs\Sandlot Shared
2007-10-08 21:52:22 0 d-------- C:\Program Files\Wizards of the Coast


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22b86299-7d7b-42fa-915c-3aa7dd2914ed}]
C:\WINDOWS\system32\jxcbeynb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C45DAA2-2ABF-4D05-A606-D4A85AE2074E}]
C:\WINDOWS\system32\efecd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7690710C-1A33-4D05-B860-1730FE652B77}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B98B4120-018E-4C17-9496-7705DE0F1216}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25/10/2007 17:20]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [23/03/2006 17:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 20:24]
"C-Media Mixer"="Mixer.exe" [07/12/2001 16:24 C:\WINDOWS\Mixer.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [14/08/2002 17:29]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 17:54]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [11/09/2003 04:00]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [05/08/2003 09:11]
"PestPatrol Control Center"="C:\Program Files\PESTPA~1\PPControl.exe" [05/08/2003 09:11]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [05/08/2003 09:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [23/08/2004 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [14/10/2004 15:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [12/10/2006 03:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [09/06/2006 01:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [02/05/2002 09:57]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [11/09/2003 04:00]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [23/08/2004 13:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/07/2007 21:41]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" []
"Ptei"="C:\PROGRA~1\SMANTE~1\attrib.exe" []

C:\Documents and Settings\ANNA\Menu Démarrer\Programmes\Démarrage\
PPControl.lnk - C:\Documents and Settings\ANNA\Application Data\Microsoft\Installer\{FA1B3B7A-98D0-4F54-B555-7711A6E54544}\IconFA1B3B7A.exe [23/03/2005 00:49:53]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [13/11/2007 01:44:38]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2007-11-27 01:16:26 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: AMD Athlon(TM) XP2000+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 511.47 MiB / 234.39 MiB
Pagefile Memory (total/avail): 1249.3 MiB / 959.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.58 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 74.52 GiB total, 20.6 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00CAA1 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1074 [VPS 071125-0] v4.7.1074 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ANNA\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=UNICORNI-47B451
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ANNA
LOGONSERVER=\\UNICORNI-47B451
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ANNA\LOCALS~1\Temp
TMP=C:\DOCUME~1\ANNA\LOCALS~1\Temp
USERDOMAIN=UNICORNI-47B451
USERNAME=ANNA
USERPROFILE=C:\Documents and Settings\ANNA
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

ANNA (admin)
Administrateur (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7 Wonders of the Ancient World --> "C:\Program Files\Wanadoo Jeux\7 Wonders of the Ancient World\Uninstall.exe" "C:\Program Files\Wanadoo Jeux\7 Wonders of the Ancient World\install.log"
a-squared Free 2.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Alice Greenfingers --> "C:\Program Files\orange\jeux\Alice Greenfingers\Uninstall.exe" "C:\Program Files\orange\jeux\Alice Greenfingers\install.log"
AntiSpy --> MsiExec.exe /I{6EB67994-2627-11D6-8CEC-00304F10A79B}
Apprendre à jouer à Magic --> MsiExec.exe /X{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI Control Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE29663C-9BA7-4D7B-B779-91B5D16BECC2}
ATI Multimedia Center 7.8.0.0 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{844C6FC3-852E-11D6-8D60-00105A22D3D2}\setup.exe"
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Barbie(tm) Agent Secret --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Barbie(tm)\Barbie(tm) Agent Secret\DeIsL1.isu"
Belarc Advisor 7.0 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Believe in Santa --> "C:\Program Files\Gamenext\Believe in Santa\Uninstall.exe" "C:\Program Files\Gamenext\Believe in Santa\install.log"
Belles Beauty Boutique --> "C:\Program Files\Gamenext\Belles Beauty Boutique\Uninstall.exe" "C:\Program Files\Gamenext\Belles Beauty Boutique\install.log"
Bettys Beer Bar --> "C:\Program Files\orange\jeux\Bettys Beer Bar\Uninstall.exe" "C:\Program Files\orange\jeux\Bettys Beer Bar\install.log"
BitTornado 0.3.9 --> C:\Program Files\BitTornado\uninst.exe
Cake Mania --> "C:\Program Files\Gamenext\Cake Mania\Uninstall.exe" "C:\Program Files\Gamenext\Cake Mania\install.log"
Capturino V1.3 --> C:\Program Files\Capturino V1.3\Uninstal.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Chicken Attack --> "C:\Program Files\orange\jeux\Chicken Attack\Uninstall.exe" "C:\Program Files\orange\jeux\Chicken Attack\install.log"
Coffee Tycoon --> "C:\Program Files\orange\jeux\Coffee Tycoon\Uninstall.exe" "C:\Program Files\orange\jeux\Coffee Tycoon\install.log"
Compresor WinRAR --> C:\Program Files\WinRAR\uninstall.exe
DeepBurner v1.7.1.213 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Delicious winter edition Deluxe --> "C:\Program Files\Zylom Games\Delicious winter edition Deluxe\GameInstaller.exe" --uninstall UnInstall.log
Diner Dash --> "C:\Program Files\orange\jeux\Diner Dash\Uninstall.exe" "C:\Program Files\orange\jeux\Diner Dash\install.log"
Diner Dash 2 --> "C:\Program Files\Gamenext\Diner Dash 2\Uninstall.exe" "C:\Program Files\Gamenext\Diner Dash 2\install.log"
Diner Dash Flo on the Go --> "C:\Program Files\orange\jeux\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\orange\jeux\Diner Dash Flo on the Go\install.log"
Dora l'exploratrice : Les animaux de la jungle --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF9FA161-78F2-11D8-95ED-000476379056}\setup.exe" -l0x40c -uninst
Droppix Recorder 1.1.1 --> "C:\Program Files\Droppix\Droppix Recorder\unins000.exe"
DVDx 2.0 --> "C:\Program Files\DVDx\unins000.exe"
EasyCleaner --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON CardMonitor --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x40c uninst
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON PhotoQuicker3.5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst
EPSON PhotoStarter3.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x40c uninst
EPSON Print CD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x40c -SYSTEM
EPSON PRINT Image Framer Tool2.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
ESPR300 Guide de référence --> C:\Program Files\EPSON\ESPR300\REF_G\DOCUNINS.EXE
ESPR300 Guide des logiciels --> C:\Program Files\EPSON\ESPR300\PQU_G\DOCUNINS.EXE
ESPR300 Guide du mode autonome --> C:\Program Files\EPSON\ESPR300\STA_G\DOCUNINS.EXE
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Fish Tycoon --> "C:\Program Files\orange\jeux\Fish Tycoon\Uninstall.exe" "C:\Program Files\orange\jeux\Fish Tycoon\install.log"
FixMessenger --> C:\Program Files\FixMessenger\uninstall.exe
Flower Shop - Big City Break --> "C:\Program Files\orange\jeux\Flower Shop - Big City Break\Uninstall.exe" "C:\Program Files\orange\jeux\Flower Shop - Big City Break\install.log"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Granny In Paradise --> "C:\Program Files\orange\jeux\Granny In Paradise\Uninstall.exe" "C:\Program Files\orange\jeux\Granny In Paradise\install.log"
GX25 USB-Handset Manager --> C:\WINDOWS\USBGX25phmgunin.exe C:\Program Files\GX25 USB-Handset Manager\FileList.ini
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hijackthis Version Française --> "C:\Program Files\Hijackthis Version Française\unins000.exe"
Hitman - tueur à gages --> "C:\Program Files\Eidos Interactive\IO Interactive\Hitman - tueur à gages\uninstall.exe" C:\WINDOWS\ISUN040C.EXE -y -f"C:\Program Files\Eidos Interactive\IO Interactive\Hitman - tueur à gages\uninstall.isu"
HydraVision --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
InterCasino France --> C:\WINDOWS\system32\UnCasinoV5_FRA.exe InterCasinoV8FRA
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Les Sims 2 --> C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims Deluxe --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10798AE3-DCBB-43C3-9C93-C23512427E25}\setup.exe" -l040c
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft DirectX Transform optional components --> RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB914882) --> "C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}
MSN Messenger 7.5 --> MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
Mystery Case Files - Huntsville --> "C:\Program Files\orange\jeux\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\orange\jeux\Mystery Case Files - Huntsville\install.log"
Mystery Case Files - Prime Suspects --> "C:\Program Files\orange\jeux\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\orange\jeux\Mystery Case Files - Prime Suspects\install.log"
Mystic Inn --> "C:\Program Files\orange\jeux\Mystic Inn\Uninstall.exe" "C:\Program Files\orange\jeux\Mystic Inn\install.log"
Nanny Mania --> "C:\Program Files\orange\jeux\Nanny Mania\Uninstall.exe" "C:\Program Files\orange\jeux\Nanny Mania\install.log"
oggcodecs --> MsiExec.exe /I{EDCBAB86-104A-4A03-B7D6-DFD783573933}
Outil de connexion Wanadoo --> C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo
Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PCI Audio Applications --> C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PCI Audio Driver --> cmuninst.exe
Perles de rocaille 1.06 --> "C:\Program Files\Perles de rocaille\uninstall.exe"
PestPatrol --> MsiExec.exe /I{FA1B3B7A-98D0-4F54-B555-7711A6E54544}
PhotoFiltre --> "C:\les enfants\PhotoFiltre\Uninst.exe"
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59B9F-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything
PowerArchiver 2006 v9.63 --> "C:\Program Files\PowerArchiver\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Registry Mechanic 6.0 --> "C:\Program Files\Registry Mechanic\unins000.exe"
Roller Rush --> "C:\Program Files\orange\jeux\Roller Rush\Uninstall.exe" "C:\Program Files\orange\jeux\Roller Rush\install.log"
Sandlot Games Client Services --> "C:\Program Files\Fichiers communs\Sandlot Shared\unins000.exe"
Santa Claus in Trouble --> C:\PROGRA~1\SANTAC~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\SANTAC~1\UNINST~1\INSTALL.LOG
Satsuki Decoder Pack --> C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
ScanToWeb --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
SHARP GSM GPRS USB Driver Ver2.1.0 --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3D4B89AC-B4B3-47D4-8CEE-85390508F3D6} /l1036
Snowy Fish Frenzy --> "C:\Program Files\orange\jeux\Snowy Fish Frenzy\Uninstall.exe" "C:\Program Files\orange\jeux\Snowy Fish Frenzy\install.log"
Snowy Lunch Rush --> "C:\Program Files\orange\jeux\Snowy Lunch Rush\Uninstall.exe" "C:\Program Files\orange\jeux\Snowy Lunch Rush\install.log"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
SpongeBob Diner Dash --> "C:\Program Files\Gamenext\SpongeBob Diner Dash\Uninstall.exe" "C:\Program Files\Gamenext\SpongeBob Diner Dash\install.log"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Teddy Factory --> "C:\Program Files\orange\jeux\Teddy Factory\Uninstall.exe" "C:\Program Files\orange\jeux\Teddy Factory\install.log"
Tennis Titans --> "C:\Program Files\Wanadoo Jeux\Tennis Titans\Uninstall.exe" "C:\Program Files\Wanadoo Jeux\Tennis Titans\install.log"
Tinos Fruit Stand --> "C:\Program Files\orange\jeux\Tinos Fruit Stand\Uninstall.exe" "C:\Program Files\orange\jeux\Tinos Fruit Stand\install.log"
Tom Clancy's Splinter Cell --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A174402A-2EE6-4B86-A930-7BC85A9933BD}\setup.exe" -l0x40c
VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Villagers --> "C:\Program Files\Gamenext\Virtual Villagers\Uninstall.exe" "C:\Program Files\Gamenext\Virtual Villagers\install.log"
VirtualDub 1.6.4 Fr --> C:\Program Files\VirtualDub\UnInstall_VirtualDub.exe
Wanadoo Messager --> C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
X-OOM Movies On PSP désinstaller --> C:\Program Files\X-OOM\Movies On PSP\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type4394 / Success
Event Submitted/Written: 11/27/2007 00:52:00 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4385 / Success
Event Submitted/Written: 11/27/2007 00:21:24 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4372 / Success
Event Submitted/Written: 11/26/2007 11:40:10 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4363 / Success
Event Submitted/Written: 11/26/2007 10:08:16 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type4356 / Error
Event Submitted/Written: 11/26/2007 05:19:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Application bloquée TeaTimer.exe, version 1.4.0.2, module bloqué hungapp, version 0.0.0.0, adresse de blocage 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17831 / Error
Event Submitted/Written: 11/27/2007 00:50:57 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
sptd

Event Record #/Type17830 / Error
Event Submitted/Written: 11/27/2007 00:50:56 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service Software Cinemaster NT4.0 Driver n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type17801 / Error
Event Submitted/Written: 11/27/2007 00:21:06 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
sptd

Event Record #/Type17800 / Error
Event Submitted/Written: 11/27/2007 00:21:06 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Le service Software Cinemaster NT4.0 Driver n'a pas pu démarrer en raison de l'erreur :
%%2

Event Record #/Type17767 / Error
Event Submitted/Written: 11/26/2007 11:39:52 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
sptd



-- End of Deckard's System Scanner: finished at 2007-11-27 01:16:26 ------------

19

marina, on 27 Nov 2007 at 01:26:10

Deckard's System Scanner v20071014.68
Run by ANNA on 2007-11-27 01:23:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as ANNA.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:23, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Multimedia\main\LaunchPd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\ANNA\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ANNA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {de4192dd-7aa3-c519-af24-b7d799268b22} - {22b86299-7d7b-42fa-915c-3aa7dd2914ed} - C:\WINDOWS\system32\jxcbeynb.dll (file missing)
O2 - BHO: (no name) - {2C45DAA2-2ABF-4D05-A606-D4A85AE2074E} - C:\WINDOWS\system32\efecd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7690710C-1A33-4D05-B860-1730FE652B77} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A} - (no file)
O2 - BHO: (no name) - {B98B4120-018E-4C17-9496-7705DE0F1216} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /M "Stylus Photo R300" /EF "HKCU"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Ptei] "C:\PROGRA~1\SMANTE~1\attrib.exe" -vt yazb
O4 - Startup: PPControl.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A46CB52-CFA0-4E78-A181-948D5E361BE3} (EpsonObj Class) - http://esupport.epson-europe.com/ePC/activex/EpsonSetup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4EFE4BE8-8771-4649-B3EF-D97374C8D2C2} (KeybHunterWebInterface Class) - https://particuliers.secure.lcl.fr/v_1.0/img/akl/FormProtect.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamekult.metaboli.fr/components/Metaboli.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
End of file - 11184 bytes

-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

2007-11-26 23:29:33 467632 --a------ C:\WINDOWS\system32\perfh040.dat
2007-11-26 23:29:33 74326 --a------ C:\WINDOWS\system32\perfc040.dat
2007-11-26 21:40:37 0 d-------- C:\VundoFix Backups
2007-11-26 20:39:09 0 d-------- C:\Program Files\Trend Micro
2007-11-26 17:08:44 0 d-------- C:\Program Files\Spyware Doctor
2007-11-26 12:23:55 0 dr-h----- C:\Documents and Settings\ANNA\Recent
2007-11-26 11:12:09 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 08:07:50 0 d-------- C:\WINDOWS\system32\tnrtmwuk
2007-11-25 00:47:11 0 d-------- C:\WINDOWS\AU_Temp
2007-11-24 13:58:47 81472 --a------ C:\WINDOWS\system32\ilsqvvyi.dll
2007-11-22 17:22:23 79936 --a------ C:\WINDOWS\system32\murnqpsp.dll
2007-11-22 17:08:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-18 23:50:53 8650752 --a------ C:\Documents and Settings\ANNA\ntuser.dat
2007-11-18 18:58:44 79424 --a------ C:\WINDOWS\system32\ydsrbxvb.dll
2007-11-12 18:21:07 0 d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-12 18:21:07 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2007-11-12 18:21:07 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-12 18:21:07 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2007-11-12 18:21:07 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-12 18:21:06 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Recent
2007-11-12 18:21:06 786432 --ah----- C:\Documents and Settings\Administrateur\ntuser.dat
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-12 18:21:06 0 d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-12 18:21:06 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-12 18:21:06 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2007-11-12 14:44:57 81472 --a------ C:\WINDOWS\system32\soxeqqrx.dll
2007-11-12 13:54:51 0 d-------- C:\Program Files\Runtime Software
2007-11-12 10:38:48 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-11-12 10:18:40 0 d-------- C:\Program Files\STOPzilla!
2007-11-12 10:18:36 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-12 02:34:39 2432 --a------ C:\WINDOWS\system32\unpr.sys
2007-11-12 02:29:40 0 d-------- C:\WINDOWS\system32\bfeguufo
2007-11-12 02:29:30 0 d-------- C:\Program Files\rexunuxy
2007-11-12 01:39:57 0 d-------- C:\Documents and Settings\ANNA\Application Data\PC Tools
2007-11-10 02:36:35 0 d-------- C:\Program Files\RegCleaner
2007-11-10 02:06:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-10 01:22:41 0 d-------- C:\Documents and Settings\ANNA\Application Data\MSNInstaller
2007-11-10 01:14:29 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-11-10 01:03:48 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-11-10 00:39:38 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-10 00:39:30 0 d-------- C:\Program Files\Windows Live
2007-11-10 00:39:16 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-09 01:08:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-11-09 00:32:46 267845 --a------ C:\WINDOWS\tsc.exe <Not Verified; Trend Micro Inc.; TrendSystemCleaner>
2007-11-09 00:32:46 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-11-09 00:32:45 1163344 --a------ C:\WINDOWS\vsapi32.dll <Not Verified; Trend Micro Inc.; VSAPI>
2007-11-09 00:32:45 86094 --a------ C:\WINDOWS\BPMNT.dll <Not Verified; Trend Micro Inc.; VSAPI>
2007-11-09 00:31:28 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2007-11-09 00:31:28 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-11-09 00:31:27 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>


-- Find3M Report ---------------------------------------------------------------

2007-11-27 01:21:09 0 d-------- C:\Program Files\PestPatrol
2007-11-27 00:51:14 0 d-------- C:\Program Files\Wanadoo
2007-11-26 17:10:28 467632 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-11-26 17:10:28 74326 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-11-26 17:01:24 0 d-------- C:\Program Files\Google
2007-11-26 08:26:54 0 d-------- C:\Program Files\Hijackthis Version Française
2007-11-25 02:21:44 0 d-------- C:\Program Files\Fichiers communs
2007-11-22 16:59:58 0 d-------- C:\Documents and Settings\ANNA\Application Data\uTorrent
2007-11-22 16:48:09 0 d-------- C:\Program Files\Messenger
2007-11-22 16:48:08 0 d-------- C:\Program Files\LogProtect
2007-11-12 22:35:22 0 d-------- C:\Program Files\eMule
2007-11-12 21:56:12 0 d-------- C:\Program Files\a-squared Free
2007-11-12 19:26:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-12 19:26:48 0 d-------- C:\Program Files\Ontrack
2007-11-12 13:54:24 0 d-------- C:\Program Files\PowerArchiver
2007-11-12 12:06:37 0 d-------- C:\Program Files\Ahead
2007-11-12 12:06:33 0 d-------- C:\Documents and Settings\ANNA\Application Data\Ahead
2007-11-12 11:10:28 0 d-------- C:\Program Files\Fichiers communs\Ahead
2007-11-12 00:53:10 46080 --a------ C:\WINDOWS\system32\ftp.exe
2007-11-10 01:55:23 0 d-------- C:\Program Files\Messenger Plus! Live
2007-11-10 01:43:48 0 d-------- C:\Program Files\MSN Messenger
2007-11-10 00:33:31 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-08 18:00:46 0 d-------- C:\Program Files\Macrogaming
2007-11-08 16:09:02 0 d-------- C:\Program Files\Fichiers communs\Sandlot Shared
2007-10-08 21:52:22 0 d-------- C:\Program Files\Wizards of the Coast


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22b86299-7d7b-42fa-915c-3aa7dd2914ed}]
C:\WINDOWS\system32\jxcbeynb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2C45DAA2-2ABF-4D05-A606-D4A85AE2074E}]
C:\WINDOWS\system32\efecd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7690710C-1A33-4D05-B860-1730FE652B77}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B83082CA-29DB-4B4D-BA3A-E2BD0902DA7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B98B4120-018E-4C17-9496-7705DE0F1216}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [25/10/2007 17:20]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [23/03/2006 17:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 20:24]
"C-Media Mixer"="Mixer.exe" [07/12/2001 16:24 C:\WINDOWS\Mixer.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [14/08/2002 17:29]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [10/12/2002 17:54]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [11/09/2003 04:00]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [05/08/2003 09:11]
"PestPatrol Control Center"="C:\Program Files\PESTPA~1\PPControl.exe" [05/08/2003 09:11]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [05/08/2003 09:11]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [23/08/2004 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [14/10/2004 15:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [12/10/2006 03:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [09/06/2006 01:17]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\LaunchPd.exe" [02/05/2002 09:57]
"EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.exe" [11/09/2003 04:00]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [23/08/2004 13:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 23:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/07/2007 21:41]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" []
"Ptei"="C:\PROGRA~1\SMANTE~1\attrib.exe" []

C:\Documents and Settings\ANNA\Menu Démarrer\Programmes\Démarrage\
PPControl.lnk - C:\Documents and Settings\ANNA\Application Data\Microsoft\Installer\{FA1B3B7A-98D0-4F54-B555-7711A6E54544}\IconFA1B3B7A.exe [23/03/2005 00:49:53]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [13/11/2007 01:44:38]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2007-11-27 01:23:48 ------------
