Need help: virus

Solved/Closed
dasterpx - 4 Nov. 2008 at 03:37
Hello,

Please, I have a virus but I don't know what it is.
I downloaded a crack and boom:
no more internet, no more AVG antivirus, no LimeWire, nor several other things. Help me please.
To get the internet back I had to disable AGSearchHook Class (agcutils.dll),
but that only gave me back the internet and nothing else.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:43, on 2008-11-03
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cynthia leclercs\Mes documents\bryan jeux\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\cynthia leclercs\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\cynthia leclercs\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225512139377&h=070c44aae3ccd5b3d332173b56466142/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
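
A triage pass over the HijackThis log above, as an added example that is not part of this thread and not code from HijackThis or ComboFix. It applies the checks a responder would make by hand on this kind of log: an `AppInit_DLLs` value (every process that loads user32.dll gets the DLL), a service with no publisher, an ActiveX (O16 DPF) download from a host outside an allowlist, a start page pointing away from the allowlist, `(no file)` orphans, and the search-hijacker signature of one CLSID registered as both a URLSearchHook (R3) and a BHO (O2), which is exactly the `{0BC6E3FA-...}` pair in the log. The sample input is excerpted verbatim from the log above plus one benign NVIDIA line; the `TRUSTED_HOSTS` allowlist and the 1..3 severity scale are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample input: lines excerpted verbatim from the HijackThis log
# posted above, plus one benign NVIDIA service line, so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\Program,Files\PremierOpinion\pmai.dll,C:\Program Files\PremierOpinion\pmai.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Hosts a start page or an ActiveX (O16 DPF) download may legitimately point at.
# Assumption for this example; a real deployment would use its own allowlist.
TRUSTED_HOSTS = {"www.google.ca", "www.google.com", "dl8-cdn-03.sun.com"}


def host_of(value):
    """Return the lower-cased host of an http(s) URL, or None for local paths."""
    m = re.match(r"https?://([^/?#]+)", value.strip(), re.IGNORECASE)
    return m.group(1).lower() if m else None


def parse(log_text):
    """Yield (kind, body) for every HijackThis entry line; other lines are skipped."""
    for raw in log_text.strip().splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage(log_text):
    """Return findings as (severity, kind, reason, body) tuples, highest severity first.

    Severity is a 1..3 scale chosen for this example: 3 = code loaded into every
    process, 2 = hijack or unverified binary, 1 = dead entry that is safe to remove.
    """
    findings = []
    clsid_roles = defaultdict(set)  # CLSID -> set of entry kinds it appears in

    for kind, body in parse(log_text):
        for clsid in CLSID_RE.findall(body):
            clsid_roles[clsid.upper()].add(kind)

        if body.endswith("(no file)"):
            findings.append((1, kind, "orphan: component registered but its file is gone", body))
        elif kind == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            findings.append((3, kind, "AppInit_DLLs set: DLL is injected into every process that loads user32.dll", body))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append((2, kind, "service binary carries no publisher; verify its signature and path", body))
        elif kind == "O16":
            host = host_of(body.rsplit(" - ", 1)[-1])
            if host and host not in TRUSTED_HOSTS:
                findings.append((2, kind, f"ActiveX control fetched from non-allowlisted host {host}", body))
        elif kind in ("R0", "R1") and "Start Page" in body and "=" in body:
            host = host_of(body.split("=", 1)[1])
            if host and host not in TRUSTED_HOSTS:
                findings.append((2, kind, f"browser start page redirected to {host}", body))

    # One CLSID registered both as a URLSearchHook (R3) and a BHO (O2) is the classic
    # search-hijacker footprint: one component sees every search and every page load.
    for clsid, kinds in clsid_roles.items():
        if {"R3", "O2"} <= kinds:
            findings.append((2, "R3+O2", f"CLSID {clsid} is both a URLSearchHook and a BHO", clsid))

    findings.sort(key=lambda f: -f[0])  # stable sort: ties keep log order
    return findings


if __name__ == "__main__":
    for sev, kind, reason, body in triage(SAMPLE_LOG):
        print(f"[{'!' * sev:<3}] {kind:<6} {reason}\n       {body}")
```

Run against the excerpt, the script ranks the `O20 - AppInit_DLLs` line first, then the start-page redirect, the O16 download, the unsigned `AGWinService` binary and the R3/O2 CLSID pair, with the `(no file)` orphan last. The same logic is trivially extended with the O4 autorun and O23 service paths; the point is that the CLSID correlation across entry types is what separates a toolbar someone installed from a component that hooks both search and browsing.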

19 replies

Destrio5 (Moderator) - 4 Nov. 2008 at 05:55
Anonymous user - 4 Nov. 2008 at 03:39
Hi,

ComboFix. Careful, this program is very powerful; used incorrectly it can do damage...

Do exactly what follows:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect from the internet, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any that I didn't see in the HijackThis report....)

---> Above all, if you run into difficulties at this stage, tell me before going further...

Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------

Then:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it.

The report will be created at C:\Combofix.txt; please post it here.
Anonymous user - 4 Nov. 2008 at 03:42
Hi,

Following the thread.
dasterpx - 4 Nov. 2008 at 04:44
ComboFix 08-11-03.04 - cynthia leclercs 2008-11-03 22:31:48.1 - NTFSx86
Running from: c:\documents and settings\cynthia leclercs\Bureau\C-Fix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\cynthia leclercs\Mes documents\My Documents.url
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\Cache
c:\windows\system32\srutv.ini
c:\windows\system32\srutv.ini2
c:\windows\system32\system32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_IPRIP
-------\Service_Boonty Games
-------\Service_Iprip


((((((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 ))))))))))))))))))))))))))))))))))))
.

2008-11-03 21:52 . 2008-11-03 21:52 <REP> d-------- c:\program files\FrostWire
2008-11-03 21:43 . 2008-11-03 21:43 <REP> d-------- c:\program files\Windows Defender
2008-11-03 21:41 . 2008-11-03 21:41 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\Grisoft
2008-11-03 21:40 . 2007-05-30 07:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.007
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.005
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.004
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.003
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.002
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.001
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.000
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADD~3.ACE
2008-11-03 20:49 . 2008-11-03 20:49 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\InstallShield
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Goto Software
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Google
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\GemMasterFrench
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\FrenchOtto
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d--hs---- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\NewTech Infosystems
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\Nero
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\Kodak
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\HP
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\BOONTY Shared
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\DIFX
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\CyberLink
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\commercial
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\CCleaner
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\AVG
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\AGI
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Sun
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\MSECache
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\mnProjects
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft.NET
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft Works
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft ActiveSync
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Jasc Software Inc
2008-11-03 20:46 . 2008-11-03 20:46 <REP> d-------- c:\program files\Yahoo!
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.007
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.005
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.004
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.003
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.002
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.001
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.000
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADD~2.ACE
2008-11-03 17:29 . 2008-11-03 20:43 <REP> d-------- c:\program files\Absolute Poker
2008-11-03 17:27 . 2008-11-03 20:49 <REP> d--h----- c:\program files\InstallShield Installation Information
2008-11-03 16:59 . 2008-11-03 17:09 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\alot
2008-10-31 23:01 . 2008-10-31 23:01 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-29 20:26 . 2008-11-03 20:49 <REP> d-------- c:\program files\WarRock
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.007
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.005
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.004
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.003
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.002
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.001
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.000
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADD~1.ACE
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADD
2008-10-29 19:25 . 2008-10-29 19:25 <REP> d--h----- c:\windows\$hf_mig$
2008-10-29 19:22 . 2008-10-29 19:22 <REP> d-------- c:\program files\Oca History Tool
2008-10-29 19:22 . 2008-10-29 19:22 <REP> d-------- c:\program files\NOS
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\VMNetSrv
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Unity
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\TryMedia
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Stellar Phoenix Windows Data Recovery
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Services en ligne
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Realtek
2008-10-29 19:21 . 2008-10-29 19:22 <REP> d-------- c:\program files\QuickTime
2008-10-28 11:22 . 2008-10-28 11:22 262,144 --a------ C:\ntuser.dat
2008-10-27 21:59 . 2008-10-27 21:59 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\Malwarebytes
2008-10-27 21:59 . 2008-10-27 21:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 21:49 . 2008-10-27 21:49 <REP> d-------- C:\_OTMoveIt
2008-10-24 14:00 . 2008-10-15 11:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 14:56 . 2008-10-21 14:57 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\agi
2008-10-21 14:56 . 2008-10-21 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2008-10-21 14:56 . 2008-10-21 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\agi
2008-10-14 12:05 . 2008-08-14 08:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 12:05 . 2008-09-15 10:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 12:05 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-11 19:34 . 2008-10-11 19:34 <REP> d-------- c:\documents and settings\LocalService\Application Data\agi
2008-10-11 19:34 . 2008-10-21 14:56 2,117,632 --a------ c:\windows\system32\python25.dll
2008-10-11 19:34 . 2008-09-16 11:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2008-10-11 19:34 . 2008-10-21 14:56 339,968 --a------ c:\windows\system32\pythoncom25.dll
2008-10-11 19:34 . 2008-10-21 14:56 114,688 --a------ c:\windows\system32\pywintypes25.dll
2008-10-11 09:36 . 2008-10-11 09:36 268 --ah----- C:\sqmdata17.sqm
2008-10-11 09:36 . 2008-10-11 09:36 244 --ah----- C:\sqmnoopt17.sqm
2008-10-10 18:58 . 2008-10-10 18:58 268 --ah----- C:\sqmdata16.sqm
2008-10-10 18:58 . 2008-10-10 18:58 244 --ah----- C:\sqmnoopt16.sqm

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-04 01:48 --------- d-----w c:\program files\Glary Utilities
2008-11-04 01:47 --------- d-----w c:\program files\Fichiers communs\L&H
2008-11-04 01:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-04 01:47 --------- d-----w c:\program files\Acer WLAN 11g USB Dongle
2008-11-04 01:47 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Azureus
2008-11-04 01:46 --------- d-----w c:\program files\Fichiers communs\LightScribe
2008-11-04 01:36 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\AVG7
2008-11-04 00:20 138,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-04 00:20 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-03 22:24 --------- d-----w c:\program files\Kodak
2008-11-03 22:23 --------- d-----w c:\program files\HP
2008-11-02 02:47 100,916 ----a-w c:\program files\warslot.exe
2008-11-01 04:01 --------- d-----w c:\program files\Java
2008-10-31 20:29 109,108 ----a-w c:\program files\changeme3.exe
2008-10-30 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-10-28 22:18 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\LimeWire
2008-10-28 02:38 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-20 16:00 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Image Zone Express
2008-10-18 22:01 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Nero
2008-10-18 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-21 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-15 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 01:14 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-09-14 00:58 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\teamspeak2
2008-09-14 00:58 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\bang
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-28 07:47 74,752 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 07:47 105,472 ----a-w c:\windows\system32\win32spl.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-06-27 00:57 22,328 ----a-w c:\documents and settings\cynthia leclercs\Application Data\PnkBstrK.sys
2007-12-28 01:46 32 ----a-r c:\documents and settings\All Users\hash.dat
2004-07-22 15:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-20 03:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-20 03:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 19:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 14:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 14:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 09:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 09:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 08:03 62,976 ----a-w c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-11-03 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-31 136600]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-07-11 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-31 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-07-09 219136]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-09-29 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-02 15:51 75064 c:\windows\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"IMEKRMIG6.1"=c:\windows\ime\imkr6_1\IMEKRMIG.EXE
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LaunchApp"=Alaunch
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\PythonService.exe [2008-10-21 10240]
S2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
S3 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

2008-11-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-11-01 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []

2008-10-25 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-07-17 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-11-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.ask.com?o=1607
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {12345678-1234-1234-1234-1234567890AB}
O9 -: {12345678-1234-1234-1234-1234567890AB} - -

O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDC5.OSD
c:\windows\Downloaded Program Files\InstallerControl.dll

O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows\Downloaded Program Files\cab.inf
c:\windows\Downloaded Program Files\iaplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 22:36:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\Crypserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-03 22:41:19 - La machine a redémarré [cynthia leclercs]
ComboFix-quarantined-files.txt 2008-11-04 03:41:16

Avant-CF: 208 141 938 688 octets libres
Après-CF: 208,346,533,888 octets libres

341 --- E O F --- 2008-10-25 04:12:01
dasterpx Posts: 27 Registered: Tuesday 22 January 2008 Status: Member Last seen: 25 April 2011
4 Nov 2008 at 04:44
ComboFix 08-11-03.04 - cynthia leclercs 2008-11-03 22:31:48.1 - NTFSx86
Lancé depuis: c:\documents and settings\cynthia leclercs\Bureau\C-Fix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\cynthia leclercs\Mes documents\My Documents.url
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\Cache
c:\windows\system32\srutv.ini
c:\windows\system32\srutv.ini2
c:\windows\system32\system32.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_IPRIP
-------\Service_Boonty Games
-------\Service_Iprip


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-04 au 2008-11-04 ))))))))))))))))))))))))))))))))))))
.

2008-11-03 21:52 . 2008-11-03 21:52 <REP> d-------- c:\program files\FrostWire
2008-11-03 21:43 . 2008-11-03 21:43 <REP> d-------- c:\program files\Windows Defender
2008-11-03 21:41 . 2008-11-03 21:41 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\Grisoft
2008-11-03 21:40 . 2007-05-30 07:10 10,872 --a------ c:\windows\system32\drivers\AvgAsCln.sys
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.007
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.005
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.004
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.003
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.002
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.001
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADDACE~3.000
2008-11-03 20:54 . 2008-11-03 20:55 8,192 --a------ c:\documents and settings\ADD~3.ACE
2008-11-03 20:49 . 2008-11-03 20:49 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\InstallShield
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Goto Software
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Google
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\GemMasterFrench
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\FrenchOtto
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d--hs---- c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\NewTech Infosystems
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\Nero
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\muvee Technologies
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\Kodak
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\InstallShield
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\HP
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\Fichiers communs\BOONTY Shared
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\DIFX
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\CyberLink
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\commercial
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\CCleaner
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\AVG
2008-11-03 20:48 . 2008-11-03 20:48 <REP> d-------- c:\program files\AGI
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Sun
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\MSECache
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\mnProjects
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft.NET
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft Works
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Microsoft ActiveSync
2008-11-03 20:47 . 2008-11-03 20:47 <REP> d-------- c:\program files\Jasc Software Inc
2008-11-03 20:46 . 2008-11-03 20:46 <REP> d-------- c:\program files\Yahoo!
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.007
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.005
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.004
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.003
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.002
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.001
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADDACE~2.000
2008-11-03 17:33 . 2008-11-03 17:34 8,192 --a------ c:\documents and settings\ADD~2.ACE
2008-11-03 17:29 . 2008-11-03 20:43 <REP> d-------- c:\program files\Absolute Poker
2008-11-03 17:27 . 2008-11-03 20:49 <REP> d--h----- c:\program files\InstallShield Installation Information
2008-11-03 16:59 . 2008-11-03 17:09 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\alot
2008-10-31 23:01 . 2008-10-31 23:01 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-29 20:26 . 2008-11-03 20:49 <REP> d-------- c:\program files\WarRock
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.007
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.005
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.004
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.003
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.002
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.001
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADDACE~1.000
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADD~1.ACE
2008-10-29 19:37 . 2008-10-29 19:38 8,192 --a------ c:\documents and settings\ADD
2008-10-29 19:25 . 2008-10-29 19:25 <REP> d--h----- c:\windows\$hf_mig$
2008-10-29 19:22 . 2008-10-29 19:22 <REP> d-------- c:\program files\Oca History Tool
2008-10-29 19:22 . 2008-10-29 19:22 <REP> d-------- c:\program files\NOS
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\VMNetSrv
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Unity
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\TryMedia
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Stellar Phoenix Windows Data Recovery
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Services en ligne
2008-10-29 19:21 . 2008-10-29 19:21 <REP> d-------- c:\program files\Realtek
2008-10-29 19:21 . 2008-10-29 19:22 <REP> d-------- c:\program files\QuickTime
2008-10-28 11:22 . 2008-10-28 11:22 262,144 --a------ C:\ntuser.dat
2008-10-27 21:59 . 2008-10-27 21:59 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\Malwarebytes
2008-10-27 21:59 . 2008-10-27 21:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 21:49 . 2008-10-27 21:49 <REP> d-------- C:\_OTMoveIt
2008-10-24 14:00 . 2008-10-15 11:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 14:56 . 2008-10-21 14:57 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\agi
2008-10-21 14:56 . 2008-10-21 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2008-10-21 14:56 . 2008-10-21 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\agi
2008-10-14 12:05 . 2008-08-14 08:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 12:05 . 2008-09-15 10:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 12:05 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-11 19:34 . 2008-10-11 19:34 <REP> d-------- c:\documents and settings\LocalService\Application Data\agi
2008-10-11 19:34 . 2008-10-21 14:56 2,117,632 --a------ c:\windows\system32\python25.dll
2008-10-11 19:34 . 2008-09-16 11:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2008-10-11 19:34 . 2008-10-21 14:56 339,968 --a------ c:\windows\system32\pythoncom25.dll
2008-10-11 19:34 . 2008-10-21 14:56 114,688 --a------ c:\windows\system32\pywintypes25.dll
2008-10-11 09:36 . 2008-10-11 09:36 268 --ah----- C:\sqmdata17.sqm
2008-10-11 09:36 . 2008-10-11 09:36 244 --ah----- C:\sqmnoopt17.sqm
2008-10-10 18:58 . 2008-10-10 18:58 268 --ah----- C:\sqmdata16.sqm
2008-10-10 18:58 . 2008-10-10 18:58 244 --ah----- C:\sqmnoopt16.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-04 01:48 --------- d-----w c:\program files\Glary Utilities
2008-11-04 01:47 --------- d-----w c:\program files\Fichiers communs\L&H
2008-11-04 01:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-04 01:47 --------- d-----w c:\program files\Acer WLAN 11g USB Dongle
2008-11-04 01:47 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Azureus
2008-11-04 01:46 --------- d-----w c:\program files\Fichiers communs\LightScribe
2008-11-04 01:36 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\AVG7
2008-11-04 00:20 138,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-04 00:20 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-03 22:24 --------- d-----w c:\program files\Kodak
2008-11-03 22:23 --------- d-----w c:\program files\HP
2008-11-02 02:47 100,916 ----a-w c:\program files\warslot.exe
2008-11-01 04:01 --------- d-----w c:\program files\Java
2008-10-31 20:29 109,108 ----a-w c:\program files\changeme3.exe
2008-10-30 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-10-28 22:18 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\LimeWire
2008-10-28 02:38 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-20 16:00 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Image Zone Express
2008-10-18 22:01 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Nero
2008-10-18 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-21 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-15 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 01:14 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-09-14 00:58 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\teamspeak2
2008-09-14 00:58 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\bang
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-28 07:47 74,752 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 07:47 105,472 ----a-w c:\windows\system32\win32spl.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-06-27 00:57 22,328 ----a-w c:\documents and settings\cynthia leclercs\Application Data\PnkBstrK.sys
2007-12-28 01:46 32 ----a-r c:\documents and settings\All Users\hash.dat
2004-07-22 15:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-20 03:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-20 03:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 19:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 14:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 14:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 09:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 09:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 08:03 62,976 ----a-w c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-11-03 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-31 136600]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-07-11 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-31 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-07-09 219136]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-09-29 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-02 15:51 75064 c:\windows\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"IMEKRMIG6.1"=c:\windows\ime\imkr6_1\IMEKRMIG.EXE
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LaunchApp"=Alaunch
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\PythonService.exe [2008-10-21 10240]
S2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
S3 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2008-11-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

2008-11-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-11-01 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []

2008-10-25 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-07-17 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-11-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.ask.com?o=1607
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {12345678-1234-1234-1234-1234567890AB}
O9 -: {12345678-1234-1234-1234-1234567890AB} - -

O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDC5.OSD
c:\windows\Downloaded Program Files\InstallerControl.dll

O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows\Downloaded Program Files\cab.inf
c:\windows\Downloaded Program Files\iaplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 22:36:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\Crypserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-03 22:41:19 - La machine a redémarré [cynthia leclercs]
ComboFix-quarantined-files.txt 2008-11-04 03:41:16

Avant-CF: 208 141 938 688 octets libres
Après-CF: 208,346,533,888 octets libres

341 --- E O F --- 2008-10-25 04:12:01
0
2008-10-29 19:21 . 2008-10-29 19:22 <REP> d-------- c:\program files\QuickTime
2008-10-28 11:22 . 2008-10-28 11:22 262,144 --a------ C:\ntuser.dat
2008-10-27 21:59 . 2008-10-27 21:59 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\Malwarebytes
2008-10-27 21:59 . 2008-10-27 21:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 21:49 . 2008-10-27 21:49 <REP> d-------- C:\_OTMoveIt
2008-10-24 14:00 . 2008-10-15 11:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-21 14:56 . 2008-10-21 14:57 <REP> d-------- c:\documents and settings\cynthia leclercs\Application Data\agi
2008-10-21 14:56 . 2008-10-21 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2008-10-21 14:56 . 2008-10-21 14:56 <REP> d-------- c:\documents and settings\All Users\Application Data\agi
2008-10-14 12:05 . 2008-08-14 08:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 12:05 . 2008-08-14 08:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 12:05 . 2008-09-15 10:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 12:05 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-11 19:34 . 2008-10-11 19:34 <REP> d-------- c:\documents and settings\LocalService\Application Data\agi
2008-10-11 19:34 . 2008-10-21 14:56 2,117,632 --a------ c:\windows\system32\python25.dll
2008-10-11 19:34 . 2008-09-16 11:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2008-10-11 19:34 . 2008-10-21 14:56 339,968 --a------ c:\windows\system32\pythoncom25.dll
2008-10-11 19:34 . 2008-10-21 14:56 114,688 --a------ c:\windows\system32\pywintypes25.dll
2008-10-11 09:36 . 2008-10-11 09:36 268 --ah----- C:\sqmdata17.sqm
2008-10-11 09:36 . 2008-10-11 09:36 244 --ah----- C:\sqmnoopt17.sqm
2008-10-10 18:58 . 2008-10-10 18:58 268 --ah----- C:\sqmdata16.sqm
2008-10-10 18:58 . 2008-10-10 18:58 244 --ah----- C:\sqmnoopt16.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 01:54 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-04 01:48 --------- d-----w c:\program files\Glary Utilities
2008-11-04 01:47 --------- d-----w c:\program files\Fichiers communs\L&H
2008-11-04 01:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-04 01:47 --------- d-----w c:\program files\Acer WLAN 11g USB Dongle
2008-11-04 01:47 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Azureus
2008-11-04 01:46 --------- d-----w c:\program files\Fichiers communs\LightScribe
2008-11-04 01:36 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\AVG7
2008-11-04 00:20 138,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-04 00:20 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-03 22:24 --------- d-----w c:\program files\Kodak
2008-11-03 22:23 --------- d-----w c:\program files\HP
2008-11-02 02:47 100,916 ----a-w c:\program files\warslot.exe
2008-11-01 04:01 --------- d-----w c:\program files\Java
2008-10-31 20:29 109,108 ----a-w c:\program files\changeme3.exe
2008-10-30 00:56 --------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2008-10-28 22:18 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\LimeWire
2008-10-28 02:38 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-20 16:00 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Image Zone Express
2008-10-18 22:01 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\Nero
2008-10-18 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-21 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-09-15 17:27 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 01:14 --------- d-----w c:\program files\Wolfenstein - Enemy Territory
2008-09-14 00:58 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\teamspeak2
2008-09-14 00:58 --------- d-----w c:\documents and settings\cynthia leclercs\Application Data\bang
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-28 07:47 74,752 ----a-w c:\windows\system32\msw3prt.dll
2008-08-28 07:47 105,472 ----a-w c:\windows\system32\win32spl.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-06-27 00:57 22,328 ----a-w c:\documents and settings\cynthia leclercs\Application Data\PnkBstrK.sys
2007-12-28 01:46 32 ----a-r c:\documents and settings\All Users\hash.dat
2004-07-22 15:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-20 03:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-20 03:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-09 19:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 14:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 14:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 09:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 09:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 08:03 62,976 ----a-w c:\program files\DSETUP.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-11-03 579072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-31 136600]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"SkyTel"="SkyTel.EXE" [2006-05-15 c:\windows\SkyTel.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-07-11 c:\windows\system32\nvmctray.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-31 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-07-09 219136]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-09-29 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-10-02 15:51 75064 c:\windows\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ntiMUI"=c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"IMEKRMIG6.1"=c:\windows\ime\imkr6_1\IMEKRMIG.EXE
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LaunchApp"=Alaunch
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 46112]
S2 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\PythonService.exe [2008-10-21 10240]
S2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-10-31 152984]
S3 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [2007-02-15 26624]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2008-11-04 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-10-29 17:58]

2008-11-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-11-01 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []

2008-10-25 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-07-17 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-11-04 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.ask.com?o=1607
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKLM-Main,Start Page = hxxp://home.sweetim.com
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {12345678-1234-1234-1234-1234567890AB}
O9 -: {12345678-1234-1234-1234-1234567890AB} - -

O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDC5.OSD
c:\windows\Downloaded Program Files\InstallerControl.dll

O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows\Downloaded Program Files\cab.inf
c:\windows\Downloaded Program Files\iaplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 22:36:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\Crypserv.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-11-03 22:41:19 - La machine a redémarré [cynthia leclercs]
ComboFix-quarantined-files.txt 2008-11-04 03:41:16

Avant-CF: 208 141 938 688 octets libres
Après-CF: 208,346,533,888 octets libres

341 --- E O F --- 2008-10-25 04:12:01
0
Anonymous user
4 Nov. 2008 at 04:55
Re,

In order, please.

--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings.

--> Plug your external storage devices into your PC (USB stick, external hard drive, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> The PC will restart.

--> After the restart, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the drive.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New Task", type explorer.exe and confirm)

-------------------------------------------------------------------------------------------------------------------------------------------------

Run hijackthis again, click "Do a system scan only"

Then look for this line and tick the box:

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Then click "Fix checked"


disable the service:

=> Start -> Run -> type services.msc, and delete the service => Service: Boonty Games - BOONTY

click on the line

stop it, then disable it

then => delete the whole boonty folder if it is present in:

C:\Program Files\Fichiers communs\BOONTY Shared


restart and post a new hijackthis report.



0
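The checks the helper walks dasterpx through by hand (look for a suspicious O23 service line in HijackThis output, then review the startup entries and the firewall and Security Center settings ComboFix dumped) can be scripted. The Python below is an added example, not code from the thread, from HijackThis or from ComboFix; its flagging rules (service with no publisher, Run entry launching from a user-writable folder, firewall disabled, port opened in the firewall list, antivirus notifications suppressed) are this example's own heuristics, and the sample lines are copied from the logs posted above plus one constructed Run entry marked as such. A hit means "look at this", not "this is malware".

```python
"""Triage of HijackThis / ComboFix-style log lines.

Added example (not code from the thread, HijackThis or ComboFix). The
flagging rules are this example's own heuristics; a hit means "look at
this line", not "this line is malicious".
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied from the logs posted in the thread, plus one
# CONSTRUCTED Run entry (a Temp-folder launcher) to exercise the
# user-writable-path rule.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\1.tmp\b2e.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
"EnableFirewall"= 0 (0x0)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"AntiVirusDisableNotify"=dword:00000001
"PromptOnSecureDesktop"= 0 (0x0)
"""

# HijackThis O23 line: "O23 - Service: <display name> - <publisher> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix registry dump line: "<value name>"= <data>
REG_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.*)$')
# Folders an ordinary user can write to, long and 8.3 short forms.
USER_WRITABLE = re.compile(
    r"\\(temp|local settings|application data|documents and settings|docume~1|locals~1)\\",
    re.IGNORECASE,
)
# Key format used in the firewall's GloballyOpenPorts list, e.g. 3389:TCP.
OPEN_PORT_KEY = re.compile(r"^\d+:(TCP|UDP)$")


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name
    line: str   # the log line that triggered it


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches a heuristic, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O23_RE.match(line)
        if m:
            # A service with no publisher string deserves a closer look.
            if m.group("owner").lower() == "unknown owner":
                findings.append(Finding("service-unknown-owner", line))
            continue
        m = O4_RE.match(line)
        if m:
            # Autostart entries normally live under Program Files or Windows.
            if USER_WRITABLE.search(m.group("cmd")):
                findings.append(Finding("autorun-from-user-writable-path", line))
            continue
        m = REG_RE.match(line)
        if m:
            key, value = m.group("key"), m.group("value").strip()
            if key == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("firewall-disabled", line))
            elif key == "AntiVirusDisableNotify" and value.endswith("00000001"):
                findings.append(Finding("av-notifications-suppressed", line))
            elif OPEN_PORT_KEY.match(key):
                findings.append(Finding("globally-open-port", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

Run against the sample it flags the AGI service, the constructed Temp-folder Run entry, the disabled firewall, the open 3389/TCP port and the suppressed antivirus alerts, and passes over the vendor-signed services and the AVG Run entry; feed it a pasted HijackThis or ComboFix report via `triage(open(path).read())` to get the same short list for a real log.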
Anonymous user
4 Nov. 2008 at 04:57
one question please


why usbfix??
0
Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 291
4 Nov. 2008 at 05:00
Hi,

Against Boonty Games, you can use Ad-Remover.
0
Anonymous user
4 Nov. 2008 at 05:29
Re,

To all:

For usbfix: O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe (to me that means he has USB sticks or the like)

Then for bounty, I didn't know about it, found this "tip" and applied it. (Also, the log you mention, is it only good for XP?)

thanks for the info.

PS: Now if not, I'll let you finish and see how it goes.
0
Anonymous user
4 Nov. 2008 at 05:48
For usbfix: O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk

it's a wifi dongle, who told you it's infected???
0
Anonymous user
4 Nov. 2008 at 05:55
Re,

Yes that's true, but I prefer to be cautious too. No, or am I wrong?

@+
0
Anonymous user
4 Nov. 2008 at 05:58
yeah, you're wrong

I'm not here to give you a hard time ...

but there it is, I was alerted about how you handle infections ....


I decided to come to you because I think you want to learn


so why do you think "better safe than sorry"??
0
Anonymous user
4 Nov. 2008 at 05:59
Re,

Cool, goldorak59's little tune,

I'm going to listen to it on a loop.

thanks
0
Anonymous user
4 Nov. 2008 at 06:03
Re,

I don't think "better safe than sorry", but now if we're talking about me, very well too..........

Now yes, I want to learn and it's not easy, but I do the best I can.

Also one point I find important is that others talk nonsense and they "run rampant" too.

Now do what you have to.
0
didishnikov Posts 1994 Registered Thursday 12 June 2008 Status Member Last seen 10 June 2017 81
4 Nov. 2008 at 11:14
morning everyone. and what about dasterpx? what's he doing? ;-))
0
dasterpx Posts 27 Registered Tuesday 22 January 2008 Status Member Last seen 25 April 2011
6 Nov. 2008 at 23:40
-------------- UsbFix V2.395 ---------------

* User : cynthia leclercs - ACER-AEA8124537
* Outils mis a jours le 06/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 17:34:29 le 2008-11-06
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe


--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
SkyTel REG_SZ SkyTel.EXE
Acer Empowering Technology Monitor REG_SZ C:\WINDOWS\system32\SysMonitor.exe
NvMediaCenter REG_SZ RunDLL32.exe NvMCTray.dll,NvTaskbarInit
RTHDCPL REG_SZ RTHDCPL.EXE
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
AVG7_CC REG_SZ C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
nwiz REG_SZ nwiz.exe /install
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
!AVG Anti-Spyware REG_SZ "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------- [ Registre / Mountpoint2 ] ----------------


-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------


--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[2006-08-23 14:20][--a------] C:\AUTOEXEC.BAT
[2004-08-10 15:00][-rahs----] C:\NTDETECT.COM
[2008-05-05 19:49][-r-hs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------
0
dasterpx Posts 27 Registered Tuesday 22 January 2008 Status Member Last seen 25 April 2011
6 Nov. 2008 at 23:50
sorry, bounty isn't there
I did a scan with
hijackthis
do a system scan only and it isn't there

here is the log from the 2nd scan, do a system scan with a log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:56, on 2008-11-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\cynthia leclercs\Local Settings\Temporary Internet Files\Content.IE5\R74N57EK\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ca/0SEFRCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\cynthia leclercs\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\cynthia leclercs\Menu Démarrer\Programmes\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225512139377&h=070c44aae3ccd5b3d332173b56466142/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
dasterpx Posts: 27 Registered: Tuesday 22 January 2008 Status: Member Last seen: 25 April 2011
6 Nov 2008 at 23:54
Thanks for your help, because I'm hopeless at this.
But I have a small question: should I format my PC, or is it possible to repair it?
And if I format, which program should I use to back up my important data (photos, CV,
game folders, etc.)? Thanks again for kindly helping me.