Sujet Précédent Sujet Suivant

Rapport HijackThis pour écrans bleus.

Résolu/Fermé
kENiCHi - 8 juin 2008 à 13:31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 28 juin 2008 à 01:12
Bonjour, mon pc n'arrête pas de faire des écrans bleus et je fais appel à vos services pour m'aider :s.
Voici le rapport HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 13:26:34, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%^^% ^^% ^%%%^%%% %^ ^ ^^% ^^^ ^ .exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O3 - Toolbar: Clipmarks.Toolbar - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS4\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS5\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS6\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS85\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS86\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsq - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: NXHIQ - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NXHIQ.exe (file missing)
O23 - Service: NYKCDDBE - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NYKCDDBE.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: YQTNWRD - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\YQTNWRD.exe (file missing)

Merci d'avance :/.

70 réponses

Réponse 1 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
18 juin 2008 à 13:21
Salut

passe ceci :

Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
Télécharge Rav antivirus: http://ww25.evosla.com/compteur.php?soft=rav_antivirus
• Clique droit sur le fichier .ZIP > Extraire sur > le Bureau
• Doucle clic sur >> RAV.exe << afin de lancer l'outil.
• Une fois RAV ANTIVIRUS lancé, laisse-le réagir, il scanne automatiquement tous les lecteurs (disques fixes et amovibles)
• Si infection > un rapport s'établira, sinon s'affichera (très rapide) ==>Votre Ordinateur est sain .
• Retire tes disques amovibles et redémarre ton ordinateur .
Poste le rapport , si infection!

@+
1
Réponse 2 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
20 juin 2008 à 12:17
Salut Kenichi,

bon je suis de retour...

on va essayer comme ca : (avec les deux sous cles ;)

branche ta cle usb et/ou ton disque externe mais sans les ouvrir...

puis

Copie le texte ci-dessous :

File::
H:\sxs.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\WScript.exe
C:\WINDOWS\WillPolo.vbs
C:\WINDOWS\system32\WillPolo.vbs

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0541d­6­eb-774b-11d9-9908-0090d093a0b5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95060­3­0f-08a2-11dd-a89b-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95060­3­10-08a2-11dd-a89b-000000000000}]
[-HKEY_USERS\S-1-5-21-1010277773-2783298459-3642488703-1003\Software\Microsoft\Windows\Curr­entVersion\Explorer\MountPoints2\{9506030f-08a2-11dd-a89b-000000000000}\Shell\AutoRun\comm­and]
[-HKEY_USERS\S-1-5-21-1010277773-2783298459-3642488703-1003\Software\Microsoft\Windows\Curr­entVersion\Explorer\MountPoints2\{95060310-08a2-11dd-a89b-000000000000}\Shell\AutoRun\comm­and]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
1
Réponse 3 / 70
Utilisateur anonyme
8 juin 2008 à 14:00
salut

quel est le message de ton ecran bleu ??

Télécharge, puis installe MSNFix : http://sosvirus.changelog.fr/MSNFix.zip , tuto de Malekal
- Décompresse donc le dossier zip MSNFix et lance le fichier "MSNFix.bat". Une fenêtre bleue doit apparaitre.
- Mets l'interface en français en appuyant sur la touche F puis sur Entrée.
- Lance la recherche de virus en appuyant sur la touche R puis sur Entrée.
Si un virus est détecté, il te sera alors demandé de nettoyer l'ordinateur.
Un message d'erreur concernant la suppression impossible d'un fichier sera résolu par un redémarrage.
Après le nettoyage, la barre "Démarrer" s'efface puis réapparait, cela fait partie de la procédure de nettoyage.
- Poste le rapport qui s'ouvre en fin de nettoyage sur le forum stp.

Si ta barre "Démarrer" ne s'affiche toujours pas, il suffit de faire :
Ctrl + Alt + Suppr (sous Windows XP), ou Ctrl + Maj + Echap (sous Windows Vista) pour ouvrir le Gestionnaire de tâches Windows.
- Fais ensuite "Fichier", puis "Nouvelle tâche" et entre explorer.exe dans la fenêtre qui apparait et finis par "OK".

- redémarre ton ordinateur pour achever le nettoyage !
0
Réponse 4 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 juin 2008 à 14:02
salut,

fais ceci

Téléchargez MSNFix.zip (de !aur3n7) sur votre bureau:
http://sosvirus.changelog.fr/MSNFix.zip
Décompressez-le (clic droit >> Extraire ici) et double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt

Tuto :

https://www.malekal.com/supprimer-virus-desinfecter-pc/

et

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

Post donc les trois rapports

@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 juin 2008 à 14:02
les pieds dans l´plat
0
Réponse 6 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
8 juin 2008 à 14:16
Merci déjà pour votre attention, j'avais déjà utilisé MSNfix mais je l'ai refait pour être sûr voici le log :

MSNFix 1.719

C:\Documents and Settings\Propri‚taire.YOKOØ.007\Bureau\MSNFix
Fix exécuté le 08/06/2008 - 14:06:56,68 By Propri‚taire
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

Aucun Fichier trouvé


************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\% ^%% ^ ^ .exe

Important : http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Je vais redémarrer mon pc en espérant qu'il arrive à démarrer le mode sans échec et je posterais le rapport SDfix. Si je mets du temps c'est que mon pc me fait des misères ^^ !
0
Réponse 7 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
8 juin 2008 à 14:20
ok

esperons oui ;-)

@+
0
Réponse 8 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
8 juin 2008 à 21:20
Re-bonsoir j'ai réussi à prendre un autre pc pour venir sur le forum. Déjà je n'arrive pas à éxécuter correctement SDfix : aprés avoir fais Y et "entrée" la recherche commence mais un message d'erreur windows apparaît qui me parle d'une DLL de Symantec (c'est Norton non ?) et que je dois fermer l'application ou ignorer, si je fais plusieurs fois "fermer" SDfix me dit qu'il ne trouve pas des fichiers TXT enfin bref je comprends rien ^^'.
Sinon les 2 écrans bleus qui me reviennent le plus souvent sont "PAGE_FAULT_IN_NONPAGED_AREA" et "RQL_NOT_LESS_OR_EQUAL" (je l'ai sous les yeux celui là ^^') sinon ça arrive qu'il ait des écrans bleus ou il n'y a pas de messages particulier juste ils me disent le blabla habituel. Je vais ré-essayer de lancer SDfix je vous tiens au courant.
0
Réponse 9 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
9 juin 2008 à 19:06
Salut kenichi,

Arrives tu as passer ceci :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Post egalement un nouveau hijack this stp

@+
0
Réponse 10 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
10 juin 2008 à 00:53
Je vais lire juste aprés ton message je poste juste le rapport SDfix (que j'ai finalement pu lancer ^^) et le nouveau rapport HijackThis :

Rapport SDfix :


[b]SDFix: Version 1.189 [/b]
Run by Administrateur on 10/06/2008 at 00:13

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 00:24:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:f2,83,78,02,a1,fd,a1,53,11,d3,08,46,04,c9,ad,53,1a,e0,09,28,37,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:56,47,50,1d,d9,7f,3d,fe,36,12,03,40,7c,af,9c,39,19,0c,a9,e2,63,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:63,31,e1,34,12,65,51,2b,7b,24,e9,92,0b,72,f1,0c,87,b6,96,92,d9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,6c,74,a7,dc,5d,29,93,22,4c,83,2e,c3,30,48,b2,70,a2,..
"khjeh"=hex:49,0b,85,9b,b8,f8,7c,a7,1c,0a,33,b8,70,68,b4,f2,05,d8,c6,13,df,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:db,dd,b6,a1,18,24,0b,1b,ef,ea,26,8a,03,2f,8c,87,45,68,de,b8,98,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet031\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet033\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet034\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet035\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet036\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet037\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet038\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet039\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet040\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet041\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet042\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet043\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet044\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet045\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet046\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet047\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet048\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet049\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet050\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet051\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet052\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet053\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet054\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet055\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet056\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet057\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet058\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet059\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet060\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet061\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet062\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet063\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet064\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet065\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet066\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet067\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet068\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet069\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet070\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet071\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet072\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet073\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet074\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet075\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet076\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet077\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet078\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet079\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet080\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet081\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet082\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet083\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet084\Services\BTHPORT\Parameters\Keys\000272b00026]
"0016db26f515"=hex:09,d6,f8,51,d3,4a,50,72,61,24,30,03,39,89,5a,74
"001247b48855"=hex:7a,77,a6,19,ad,14,94,1a,22,11,7d,90,d3,e4,eb,27
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet084\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026]
"0016db26f515"=hex:09,d6,f8,51,d3,4a,50,72,61,24,30,03,39,89,5a,74
"001247b48855"=hex:7a,77,a6,19,ad,14,94,1a,22,11,7d,90,d3,e4,eb,27
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:1b485c1e
"s2"=dword:88cfef9b
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet086\Services\BTHPORT\Parameters\Keys\000272b00026]
"0016db26f515"=hex:09,d6,f8,51,d3,4a,50,72,61,24,30,03,39,89,5a,74
"001247b48855"=hex:7a,77,a6,19,ad,14,94,1a,22,11,7d,90,d3,e4,eb,27
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet086\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:e3,4d,74,ee,ca,bd,fb,77,e2,d7,1b,e9,a9,d1,42,9a,f7,d2,da,d4,5f,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager"
"C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal"
"C:\\Documents and Settings\\Propri‚taire.YOKOØ.007\\Local Settings\\Temp\\WZSE0.TMP\\symnrt.exe"="C:\\Documents and Settings\\Propri‚taire.YOKOØ.007\\Local Settings\\Temp\\WZSE0.TMP\\symnrt.exe:*:Enabled:Symantec Removal Utility"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Thu 15 Mar 2007 102,400 A.SH. --- "C:\WINDOWS\DUMP2c6f.tmp"
Thu 20 Oct 2005 56 A.SHR --- "C:\WINDOWS\system32\1CA6156100.sys"
Thu 20 Oct 2005 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 20 May 2007 641,748 ..SH. --- "C:\WINDOWS\system32\qstwa.tmp"
Sat 19 May 2007 627,238 ..SH. --- "C:\WINDOWS\system32\qstwa.bak1"
Sun 20 May 2007 642,541 ..SH. --- "C:\WINDOWS\system32\qstwa.bak2"
Wed 23 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 4 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
--- 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2b3ec987c557c0db8aeefc1b4c479971\BIT4B.tmp"
--- 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT49.tmp"
--- 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eaf9a70595fa5abd295f301727b0d6e2\BIT4A.tmp"
Wed 23 Mar 2005 4,348 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sat 26 Aug 2006 20 A..H. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 20 Jan 2006 488 A.SH. --- "C:\Documents and Settings\Propri‚taire\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Tue 25 Sep 2007 23,552 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\paci blanc sept\~WRL1765.tmp"
Thu 10 Jan 2008 58,880 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL0001.tmp"
Thu 10 Jan 2008 59,392 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL0004.tmp"
Thu 10 Jan 2008 62,976 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL0186.tmp"
Thu 10 Jan 2008 65,024 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL0421.tmp"
Thu 10 Jan 2008 65,024 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL0555.tmp"
Thu 10 Jan 2008 67,584 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL2347.tmp"
Thu 10 Jan 2008 61,440 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL2591.tmp"
Thu 10 Jan 2008 63,488 A.SH. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\technique d'analyse\~WRL4000.tmp"
Fri 14 Dec 2007 35,840 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL0152.tmp"
Fri 14 Dec 2007 36,352 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL0191.tmp"
Fri 14 Dec 2007 28,160 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL0290.tmp"
Fri 14 Dec 2007 35,840 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL1085.tmp"
Fri 14 Dec 2007 32,768 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL1421.tmp"
Fri 14 Dec 2007 34,304 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL3052.tmp"
Fri 14 Dec 2007 32,768 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL3220.tmp"
Fri 14 Dec 2007 29,184 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\~WRL3336.tmp"
Wed 7 Feb 2007 43,008 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Dalmas\contrat\~WRL0002.tmp"
Tue 11 Dec 2007 54,784 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Souir\jeux pyreneens de l'aventure\~WRL1878.tmp"
Tue 11 Dec 2007 54,272 A..H. --- "C:\Documents and Settings\Propri‚taire.YOKOØ.007\Mes documents\takaks\cours\TMO Souir\jeux pyreneens de l'aventure\~WRL2081.tmp"

[b]Finished![/b]

Rapport HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 00:53:47, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Clipmarks.Toolbar - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS4\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS5\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS6\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS85\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS86\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsq - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: NXHIQ - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NXHIQ.exe (file missing)
O23 - Service: NYKCDDBE - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NYKCDDBE.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: YQTNWRD - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\YQTNWRD.exe (file missing)

Merci encore, je vais faire ta nouvelle procédure !
0
Réponse 11 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
10 juin 2008 à 01:30
Bonsoir je viens de faire le combofix voici le rapport :

ComboFix 08-06-09.7 - Propriétaire 2008-06-10 0:58:22.1 - NTFSx86
Endroit: C:\Documents and Settings\Propriétaire.YOKOÏ.007\Bureau\ComboFix.exe
.
[i] ADS - svchost.exe: deleted 132 bytes in 1 streams. /i

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propriétaire.YOKOÏ.007\real.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ewfadvxopn.dat
C:\WINDOWS\system32\ewfadvxopn_nav.dat
C:\WINDOWS\system32\ewfadvxopn_navps.dat
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qstwa.bak1
C:\WINDOWS\system32\qstwa.bak2
C:\WINDOWS\system32\qstwa.ini2
C:\WINDOWS\system32\qstwa.tmp
C:\WINDOWS\system32\vslnroajf.dat
C:\WINDOWS\system32\vslnroajf_navps.dat
C:\WINDOWS\system32\vslnroajf_navup.dat
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-09 to 2008-06-09 ))))))))))))))))))))))))))))))))))))
.

2008-06-08 20:59 . 2008-06-08 21:00 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-08 14:10 . 2008-06-10 00:48 <REP> d-------- C:\SDFix
2008-06-01 23:01 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-06-01 23:00 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-11 16:34 . 2008-05-11 16:34 0 --a------ C:\WINDOWS\system32\real.MSNFix

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-01-01 08:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
9999-01-01 07:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
9999-01-01 07:49 --------- d-----w C:\Program Files\IEForge
9999-01-01 07:47 --------- d-----w C:\Program Files\QuickTime
9999-01-01 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-09 22:53 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-06-09 15:12 --------- d-----w C:\Program Files\IEPro
2008-06-08 16:12 --------- d-----w C:\Program Files\eMule
2008-05-29 18:24 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-29 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-27 23:26 --------- d-----w C:\Program Files\FlashFXP
2008-05-27 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 21:55 --------- d-----w C:\Program Files\Azureus
2008-05-21 16:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-10 10:27 --------- d-----w C:\Program Files\DivX
2008-04-30 00:00 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-04-29 23:47 --------- d-----w C:\Program Files\TomTom HOME 2
2008-04-19 20:51 --------- d-----w C:\Program Files\XBC
2008-03-22 00:33 693 ---ha-w C:\os245053.bin
2007-01-17 23:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2004-08-18 16:25 88 ----a-w C:\Program Files\375085915.edat
2005-10-19 22:46 56 --sha-r C:\WINDOWS\system32\1CA6156100.sys
2005-10-19 22:46 12,208 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-25 00:03 683520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-25 11:10 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
"LWBKEYBOARD"="C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe" [2004-04-02 14:40 381440]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 17:11 114688]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 17:22 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsq]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg20.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KLBLMain]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"KLBLMain"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ShowShifter TVTV EPG Daemon"="C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
"eCarteBleue-LPV-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD VISA\ECB.exe" /dontopenmycards
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=

R1 Dev_UNIDRV;Dev_UNIDRV;C:\WINDOWS\system32\Drivers\UNIDRV.SYS [2007-03-10 19:50]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 16:07]
R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-06-16 19:10]
R1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2005-01-20 04:11]
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R2 Vcs;Vcs support;C:\WINDOWS\System32\Drivers\Vcs.sys [2002-12-10 10:11]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 09:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S3 ids00035;ids00035;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00035.sys []
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys []
S3 NXHIQ;NXHIQ;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NXHIQ.exe []
S3 NYKCDDBE;NYKCDDBE;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NYKCDDBE.exe []
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 16:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-03 00:53]
S3 YQTNWRD;YQTNWRD;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\YQTNWRD.exe []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0541d6eb-774b-11d9-9908-0090d093a0b5}]
\Shell\Auto\command - H:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9506030f-08a2-11dd-a89b-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95060310-08a2-11dd-a89b-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-27 08:07:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-09 22:21:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-05-06 22:21:33 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 01:08:19
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet085\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"

[HKEY_LOCAL_MACHINE\System\ControlSet085\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-10 1:24:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 23:24:06

Pre-Run: 3,008,999,424 octets libres
Post-Run: 2,949,861,376 octets libres

216 --- E O F --- 2008-06-09 22:54:51

Rapport HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 01:30:10, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Clipmarks.Toolbar - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS4\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS5\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS6\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS85\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS86\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awtsq - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: NXHIQ - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NXHIQ.exe (file missing)
O23 - Service: NYKCDDBE - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NYKCDDBE.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: YQTNWRD - Unknown owner - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\YQTNWRD.exe (file missing)

Merci beaucoup pour votre attention !
0
Réponse 12 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
10 juin 2008 à 17:54
Bonjour, j'ai aussi le log antivir que je poste au cas où, je fais aussi en ce moment une analyse avec malwarebytes's anti-malware je posterais le log aprés (sauf si ce n'est pas nécessaire ^^) :



Avira AntiVir Personal
Report file date: mardi 10 juin 2008 02:28

Scanning for 1320174 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: YOKOÏ

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 19/04/2008 15:22:47
AVSCAN.DLL : 8.1.1.0 53505 Bytes 19/04/2008 15:22:47
LUKE.DLL : 8.1.2.9 151809 Bytes 19/04/2008 15:22:47
LUKERES.DLL : 8.1.2.1 12033 Bytes 19/04/2008 15:22:47
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:23:33
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 11:13:04
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 17:19:35
ANTIVIR3.VDF : 7.0.4.165 237568 Bytes 09/06/2008 00:27:49
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 19/04/2008 15:22:47
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 07/06/2008 17:19:47
AESCN.DLL : 8.1.0.21 119156 Bytes 07/06/2008 17:19:46
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 15:14:31
AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 16:47:21
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 15:22:47
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 07/06/2008 17:19:45
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 06:41:59
AEGEN.DLL : 8.1.0.28 307572 Bytes 07/06/2008 17:19:40
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 13:06:45
AECORE.DLL : 8.1.0.31 168310 Bytes 07/06/2008 17:19:38
AVWINLL.DLL : 1.0.0.7 14593 Bytes 19/04/2008 15:22:47
AVPREF.DLL : 8.0.0.1 25857 Bytes 19/04/2008 15:22:47
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 19/04/2008 15:22:47
AVARKT.DLL : 1.0.0.23 307457 Bytes 19/04/2008 15:22:46
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 19/04/2008 15:22:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 19/04/2008 15:22:47
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 19/04/2008 15:22:47
NETNT.DLL : 8.0.0.1 7937 Bytes 19/04/2008 15:22:47
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 19/04/2008 15:22:43
RCTEXT.DLL : 8.0.32.0 86273 Bytes 19/04/2008 15:22:43

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 10 juin 2008 02:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'MaxiMemo.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'KbdAp32A.exe' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'DTSRVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '42' files ).


Starting the file scan:

Begin scan in 'C:\' <DD 1>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DD 2>


End of the scan: mardi 10 juin 2008 04:40
Used time: 2:11:54 min

The scan has been done completely.

13753 Scanning directories
951951 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
951951 Files not concerned
25920 Archives were scanned
7 Warnings
0 Notes

Je ne sais pas si les 7 warnings sont importants je m'en remets à vous !
0
Réponse 13 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
10 juin 2008 à 19:34
Salut kenichi

la suite :

Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt)

branche tes cles usb ou disque dur externe sans les ouvrir

Copie le texte ci-dessous :

File::
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NXHIQ.exe
C:\WINDOWS\system32\1CA6156100.sys
C:\WINDOWS\system32\drivers\oreans32.sys
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NYKCDDBE.exe
C:\WINDOWS\system32\Drivers\PsSdk30.drv
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\YQTNWRD.exe

Folder::
C:\Program Files\375085915.edat
C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsq]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0541d6­eb-774b-11d9-9908-0090d093a0b5}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950603­10-08a2-11dd-a89b-000000000000}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{950603­0f-08a2-11dd-a89b-000000000000}]

Driver::
YQTNWRD
oreans32
ids00035
NXHIQ
klstm
NYKCDDBE
PsSdk30

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Puis passe ceci :

Télécharge l'outil Flash_Disinfector de sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Enregistre Flash_Disinfector.exe sur ton bureau.
Double clique sur Flash_Disinfector.exe pour l'exécuter.
Quand le message : [Plug in yours flash drive & clic Ok to begin disinfection] apparaitra :
Connecte au pc, clé USB, DD externes, susceptibles d'avoir été infectés.
Puis clic sur Ok
Les icônes sur le bureau vont disparaitre jusqu'à l'apparition du message: [Done!!]
Appuies ensuite sur OK, pour faire réapparaitre le bureau.
Si tout a bien fonctionné jusque là, l'infection est supprimé en totalité.

Donc post les quatres rapports

@+
0
Réponse 14 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
10 juin 2008 à 21:38
Bonsoir ! Voici le rapport de Fixwareout :

Username "Propri‚taire" - 10/06/2008 21:32:09 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"LWBKEYBOARD"="C:\\Program Files\\MultiMedia Keyboard\\MultiMedia Keyboard\\1.2\\KbdAp32A.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier.exe"="C:\\Program Files\\SuperCopier\\SuperCopier.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Je vais faire la 2nde étape !
0
Réponse 15 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
10 juin 2008 à 22:14
Re-bonsoir, voici le rapport combofix avec le nouveau rapport HijackThis :

ComboFix 08-06-09.7 - Propriétaire 2008-06-10 21:43:29.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.134 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire.YOKOÏ.007\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Propriétaire.YOKOÏ.007\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NXHIQ.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\NYKCDDBE.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\YQTNWRD.exe
C:\WINDOWS\system32\1CA6156100.sys
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\Drivers\PsSdk30.drv
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\375085915.edat\
C:\WINDOWS\system32\1CA6156100.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IDS00035
-------\Legacy_KLSTM
-------\Legacy_NPF
-------\Legacy_NXHIQ
-------\Legacy_NYKCDDBE
-------\Legacy_OREANS32
-------\Legacy_PSSDK30
-------\Legacy_YQTNWRD
-------\Service_ids00035
-------\Service_klstm
-------\Service_NXHIQ
-------\Service_NYKCDDBE
-------\Service_oreans32
-------\Service_PsSdk30
-------\Service_YQTNWRD


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))
.

2008-06-10 21:31 . 2008-06-10 21:36 <REP> d-------- C:\fixwareout
2008-06-10 12:42 . 2008-06-10 12:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-10 12:42 . 2008-06-10 12:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-10 12:42 . 2008-06-09 20:13 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-10 12:42 . 2008-06-09 20:13 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-10 01:24 . 2008-06-10 01:24 <REP> d-------- C:\Documents and Settings\Propriétaire.YOKOÏ.007
2008-06-10 01:24 . 2008-06-10 01:24 <REP> d-------- C:\Documents and Settings\Propriétaire.YOKOÏ.001
2008-06-10 01:24 . <REP> C:\Documents and Settings\PropriÚtaire.YOKO¤.007\Local Settings
2008-06-10 01:24 . <REP> C:\Documents and Settings\PropriÚtaire.YOKO¤.007\Local Settings
2008-06-10 01:24 . <REP> C:\Documents and Settings\PropriÚtaire.YOKO¤.001\Local Settings
2008-06-08 20:59 . 2008-06-08 21:00 <REP> d-------- C:\WINDOWS\ERUNT
2008-06-08 14:10 . 2008-06-10 00:48 <REP> d-------- C:\SDFix
2008-06-01 23:01 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-06-01 23:00 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-11 16:34 . 2008-05-11 16:34 0 --a------ C:\WINDOWS\system32\real.MSNFix

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-01-01 07:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
9999-01-01 07:49 --------- d-----w C:\Program Files\IEForge
9999-01-01 07:47 --------- d-----w C:\Program Files\QuickTime
9999-01-01 07:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-10 17:37 --------- d-----w C:\Program Files\eMule
2008-06-10 15:50 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-10 00:12 --------- d---a-w C:\Program Files\InstallShield Installation Information
2008-06-09 23:30 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-06-09 15:12 --------- d-----w C:\Program Files\IEPro
2008-05-29 18:24 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-05-29 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-05-27 23:26 --------- d-----w C:\Program Files\FlashFXP
2008-05-27 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-25 21:55 --------- d-----w C:\Program Files\Azureus
2008-05-21 16:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-10 10:27 --------- d-----w C:\Program Files\DivX
2008-04-30 00:00 --------- d-----w C:\Program Files\TomTom DesktopSuite
2008-04-29 23:47 --------- d-----w C:\Program Files\TomTom HOME 2
2008-04-19 20:51 --------- d-----w C:\Program Files\XBC
2008-03-22 00:33 693 ---ha-w C:\os245053.bin
2007-01-17 23:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2004-08-18 16:25 88 ----a-w C:\Program Files\375085915.edat
2005-10-19 22:46 12,208 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-10_ 1.23.28.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-06-10 15:49:45 88,776 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
+ 2008-06-10 15:49:42 101,064 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll
- 2008-06-09 23:07:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 19:54:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-07-15 09:13:58 166,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\ACCWIZ.DLL
+ 2003-07-15 04:43:20 87,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\ADDRPARS.DLL
+ 2003-07-15 01:14:28 350,264 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-07-15 09:18:12 47,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2003-07-26 00:57:20 75,832 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\DLGSETP.DLL
+ 2003-07-31 21:19:52 131,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\ENVELOPE.DLL
+ 2003-08-13 08:34:38 10,073,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\EXCEL.EXE
+ 2003-07-24 05:01:40 1,949,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2003-07-15 05:36:14 186,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-15 05:11:42 2,139,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\GRAPH.EXE
+ 2003-07-14 20:57:44 87,096 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-24 04:32:32 121,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\IMPMAIL.DLL
+ 2003-08-01 21:07:36 4,815,424 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\INFOPATH.EXE
+ 2003-05-28 21:42:48 514,680 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\INTLNAME.DLL
+ 2003-06-18 23:31:44 758,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MDIGRAPH.DLL
+ 2003-06-18 23:31:48 17,920 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MDIMON.DLL
+ 2003-06-18 23:31:48 18,944 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MDIPPR.DLL
+ 2003-06-18 23:31:46 35,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MDIUI.DLL
+ 2003-06-18 23:31:34 443,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MDIVWCTL.DLL
+ 2003-08-15 06:54:08 6,627,392 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSACCESS.EXE
+ 2003-07-15 09:13:58 130,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSAEXP30.DLL
+ 2003-07-15 09:14:00 139,328 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSJSPP40.DLL
+ 2003-07-15 01:14:18 106,552 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-23 20:35:26 127,032 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-06-18 23:31:24 1,033,216 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSPCORE.DLL
+ 2003-07-28 18:24:40 5,677,112 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSPUB.EXE
+ 2003-07-15 05:02:14 627,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-15 04:56:24 124,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-24 04:40:00 482,872 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 09:14:26 283,696 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-15 09:14:26 828,472 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 09:14:26 27,192 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 04:41:56 24,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OUTLACCT.DLL
+ 2003-08-10 05:06:42 7,522,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OUTLLIB.DLL
+ 2003-07-15 04:44:32 88,128 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OUTLMIME.DLL
+ 2003-07-15 04:45:18 196,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OUTLOOK.EXE
+ 2003-07-15 04:43:48 139,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OUTLPH.DLL
+ 2003-07-15 04:43:18 64,056 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\OUTLRPC.DLL
+ 2003-07-30 18:40:40 6,133,312 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\POWERPNT.EXE
+ 2003-07-15 09:18:54 430,136 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\PP4X322.DLL
+ 2003-07-31 21:21:08 1,782,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\PPTVIEW.EXE
+ 2003-07-15 04:40:26 130,104 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\PRTF9.DLL
+ 2003-07-15 04:51:12 604,728 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\PTXT9.DLL
+ 2003-07-15 04:50:26 551,480 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\PUBCONV.DLL
+ 2003-07-15 04:43:30 74,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\RM.DLL
+ 2003-08-06 19:26:18 445,488 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\SOA.DLL
+ 2003-08-03 16:52:32 2,808,376 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\STSLIST.DLL
+ 2003-07-15 05:00:22 99,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\TRANSMGR.DLL
+ 2003-08-06 19:24:20 12,037,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.5614\WINWORD.EXE
+ 2005-07-05 11:24:58 1,160,904 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.7969\FPSRVUTL.DLL
+ 2005-03-25 15:49:06 800,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.7969\FPWEC.DLL
+ 2005-05-03 23:06:28 465,640 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.7969\MSDMENG.DLL
+ 2005-05-03 23:06:32 1,411,816 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.7969\MSDMINE.DLL
+ 2005-05-03 23:06:26 199,408 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.7969\MSMDUN80.DLL
+ 2005-06-02 22:36:20 7,252,672 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.7969\OWC10.DLL
+ 2005-04-25 11:29:56 8,071,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040110900063D11C8EF10054038389C\11.0.7969\OWC11.DLL
+ 2003-08-01 21:09:04 8,086,072 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C0404A0900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-08-04 19:19:34 7,330,360 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\C040620900063D11C8EF10054038389C\11.0.5614\OWC10.DLL
- 2008-05-17 09:28:45 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-06-10 15:50:35 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-05-17 09:28:46 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-06-10 15:50:36 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-05-17 09:28:46 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-06-10 15:50:36 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-05-17 09:28:45 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-10 15:50:35 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-05-17 09:28:46 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-06-10 15:50:36 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-05-17 09:28:46 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-06-10 15:50:36 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-05-17 09:28:46 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-06-10 15:50:36 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-05-17 09:28:46 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-06-10 15:50:37 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-05-17 09:28:45 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-06-10 15:50:35 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-05-17 09:28:45 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-06-10 15:50:35 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-05-17 09:28:46 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-06-10 15:50:37 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-05-17 09:28:45 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-06-10 15:50:35 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-05-17 09:28:45 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-06-10 15:50:34 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-09-20 14:15:52 135,168 ----a-r C:\WINDOWS\Installer\{9026040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-10 15:47:25 135,168 ----a-r C:\WINDOWS\Installer\{9026040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-09-20 14:15:52 7,168 ----a-r C:\WINDOWS\Installer\{9026040C-6000-11D3-8CFE-0150048383C9}\owcico.exe
+ 2008-06-10 15:47:25 7,168 ----a-r C:\WINDOWS\Installer\{9026040C-6000-11D3-8CFE-0150048383C9}\owcico.exe
- 2007-09-20 14:16:41 135,168 ----a-r C:\WINDOWS\Installer\{90A4040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-06-10 15:47:35 135,168 ----a-r C:\WINDOWS\Installer\{90A4040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_aspnet_isapi.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_CORPerfMonExt.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_fusion.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_mscorjit.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_mscorlib.dll
+ 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_mscorsn.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_mscorsvr.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_msvcr71.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3340\_PerfCounter.dll
+ 2004-07-14 23:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_aspnet_isapi.dll
+ 2004-07-14 22:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_CORPerfMonExt.dll
+ 2004-07-14 22:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_fusion.dll
+ 2004-07-14 22:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_mscorjit.dll
+ 2004-07-15 12:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_mscorlib.dll
+ 2003-02-20 17:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_mscorsn.dll
+ 2004-07-14 22:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_mscorsvr.dll
+ 2004-07-14 22:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_mscorwks.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_msvcr71.dll
+ 2004-07-14 22:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3864\_PerfCounter.dll
- 2003-06-18 23:31:48 17,920 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2004-03-22 13:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2004-03-22 13:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdigraph.dll
- 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2004-03-22 13:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
- 2003-06-18 23:31:44 758,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
+ 2004-03-22 13:17:04 765,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdigraph.dll
- 2003-06-18 23:31:46 35,328 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
+ 2004-03-22 13:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\mdiui.dll
- 2003-06-18 23:31:48 18,944 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2004-03-22 13:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier.exe"="C:\Program Files\SuperCopier\SuperCopier.exe" [2003-04-25 00:03 683520]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-25 11:10 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59 204288]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 15:07 1289000]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
"LWBKEYBOARD"="C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe" [2004-04-02 14:40 381440]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 17:11 114688]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 17:22 262401]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg20.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StyleXPService"=2 (0x2)
"KLBLMain"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ShowShifter TVTV EPG Daemon"="C:\Program Files\Home Media Networks Limited\ShowShifter\TVTVD.exe"
"eCarteBleue-LPV-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD VISA\ECB.exe" /dontopenmycards
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Lavasoft\\Ad-Aware SE Personal\\Ad-Aware.exe"=

R1 Dev_UNIDRV;Dev_UNIDRV;C:\WINDOWS\system32\Drivers\UNIDRV.SYS [2007-03-10 19:50]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 16:07]
R1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2005-01-20 04:11]
R2 Dnscache;Client DNS;C:\WINDOWS\System32\svchost.exe [2004-08-20 01:10]
R2 Vcs;Vcs support;C:\WINDOWS\System32\Drivers\Vcs.sys [2002-12-10 10:11]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 09:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-05-11 13:12]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 16:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 16:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 16:38]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-03 00:53]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0541d6eb-774b-11d9-9908-0090d093a0b5}]
\Shell\Auto\command - H:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9506030f-08a2-11dd-a89b-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95060310-08a2-11dd-a89b-000000000000}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WillPolo.vbs

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-10 08:07:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-09 22:21:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-05-06 22:21:33 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 21:55:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet085\Services\PSSdk21]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\HNPsSdk.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-10 22:10:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-10 20:10:23
ComboFix2.txt 2008-06-09 23:24:19

Pre-Run: 2,244,624,384 octets libres
Post-Run: 2,168,197,120 octets libres

342 --- E O F --- 2008-06-10 15:52:47

Rapport HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 22:13:56, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Clipmarks.Toolbar - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS4\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS5\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS6\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS85\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS86\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0
Réponse 16 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
10 juin 2008 à 22:24
Je n'avais pas de rapport pour Flash_disinfector (peut-être parce-que je ne pense pas avoir de clé usb ou dd externe infectés) en tout cas je poste un nouveau rapport HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 22:22:55, on 10/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Clipmarks.Toolbar - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS4\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS5\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS6\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS85\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS86\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0
Réponse 17 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
10 juin 2008 à 23:38
re,

il faut quand meme que tu branches ta/tes cle usb et/ou ton disque dure externe et que tu passes flash desinfector...

puis

-> Redémarre en mode sans échec :

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

a l´aide de hijack this coche et fix :

O17 - HKLM\System\CCS\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS3\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS4\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS5\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS6\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS85\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS86\Services\Tcpip\..\{16BE75F0-3167-4D4A-A983-48EA1A22D0EA}: NameServer = 192.168.1.1

puis

toujours en mode sans echec :

click sur demarrer > executer > dans la boite de dialogue tape > cmd et valide

dans la fenetre noir tape ceci : ipconfig /flushdns et valide par entree

repost un hijack this

@+
0
Réponse 18 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
11 juin 2008 à 14:48
Bonjour ! Voici le rapport HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 15:48:52, on 11/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\MaxiMemo\MaxiMemo.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://update.microsoft.com/microsoftupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Clipmarks.Toolbar - {1205D44C-FFD2-44E5-AA1D-929DCA37EB7A} - C:\Program Files\Clipmarks\clipmarks.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\MultiMedia Keyboard\MultiMedia Keyboard\1.2\KbdAp32A.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: MaxiMemo.lnk = C:\Program Files\MaxiMemo\MaxiMemo.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {33331111-1111-1111-1111-611111193458} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E123BED4-B8C7-42BB-958F-F13CA77EF95D} (Anark Client ActiveX Control) - http://install.anark.com/client/version2/windows-ie/en/AMClient.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Fichiers communs\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0
Réponse 19 / 70
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
11 juin 2008 à 19:34
Salut kenichi,

ok cool

passe ceci stp :

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+
0
Réponse 20 / 70
kENiCHi Messages postés 32 Date d'inscription dimanche 8 juin 2008 Statut Membre Dernière intervention 28 juin 2008
11 juin 2008 à 22:20
Bonsoir ! Voici le rapport Malwarebytes :

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 848

22:18:26 11/06/2008
mbam-log-6-11-2008 (22-18-26).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 198835
Temps écoulé: 1 hour(s), 23 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
Comment changer le sens de la souris avec un double écran ?
Sviet531 -
Yt_mando -

51 réponses
Probleme bogue
Ines -
Pimmer -

1 réponse
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses