problemes de virus

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

bonjour a toi, merci de tes conseil pour maider a faire partir mes virus , mai j'ai encore quelque pb, jai avec moi un rapport te montran que j'ai quelque virus qui m'embete encore ... g telecharger combofix et quadn j'ai fait un scan il ma di ke j'avai un autre virus sur ceci bizarre non ?
merci d'avance de m'aider

je te met avec mon rapport de scan

d'avance merci --------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 12/04/2008 16:31:08
//
//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\
Folders : 4570
Files : 225740
Memory processes scanned : 32
Archives : 1124
Runtime packers : 6187
Identified viruses : 2
Infected files : 3
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 1
Moved files : 0
I/O errors : 32
Scan time : 00:34:45
Scan speed (files/sec) : 108

Spyware Statistics

Registry keys scanned : 288
Registry keys infected : 0
Cookies scanned : 22
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0

Virus definitions : 1141959
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1208010668.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies

Summary:

C:\Documents and Settings\parison michel\Bureau\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe Detected: Spyware.Tool.Nircmd.A
C:\Documents and Settings\parison michel\Bureau\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe Disinfection failed
C:\Documents and Settings\parison michel\Bureau\ComboFix.exe=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe Move failed
C:\Documents and Settings\parison michel\Local Settings\Application Data\Mozilla\Firefox\Profiles\im03v3tw.default\Cache\C2152591d01=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe Detected: Spyware.Tool.Nircmd.A
C:\Documents and Settings\parison michel\Local Settings\Application Data\Mozilla\Firefox\Profiles\im03v3tw.default\Cache\C2152591d01=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe Disinfection failed
C:\Documents and Settings\parison michel\Local Settings\Application Data\Mozilla\Firefox\Profiles\im03v3tw.default\Cache\C2152591d01=>(RAR Sfx o)=>327882R2FWJFW\nircmd.cfexe Move failed
C:\WINDOWS\system32\pac.txt Infected: Trojan.Downloader.VB.VPG
C:\WINDOWS\system32\pac.txt Deleted

AgnesD

Bonjour
Rien de terrible.
j'aimerai que tu me trouve le rapport créé par combofix regarde dans son dossier.

Par contre je te signale qu'il est fortement déconseillé d'utiliser cet outil seul.
:wink:

A +

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

re ! peut tu me conseiller quelque chose pr effacer tt le reste de mes virus car il fai planter mon ordi :s:s
g suprimer combofix voila merci
a+

AgnesD

tu as lu trop vite...
Je voulais le rapport de combofix afin de mieux te conseiller...

Citer:

j'aimerai que tu me trouve le rapport créé par combofix regarde dans son dossier.

Si il est encore a la poubelle peux tu le récupérer ?
Si non...
Peux tu nous fournir un scan HJThis pour voir ce qu'il en est.
Si tu peux fait aussi un scan chez kaspersky en ligne.
http://webscanner.kaspersky.fr/
et poste moi le rapport.
Ce qui se trouve sur ton rapport BitDefender n'est pas pour moi inquiétant.
Donc je veux voir si il y a autre chose.
:wink:

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

voila le scan merci

Logfile of HijackThis v1.99.1
Scan saved at 11:51:39, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00C74933-8FD8-4B45-8DCA-8A970D930A1E} - (no file)
O2 - BHO: targettedbanner.biz browser enhancer - {16B435F6-B6CE-4F24-A568-944B27ED919C} - C:\WINDOWS\system32\atgban.dll (file missing)
O2 - BHO: (no name) - {4F58D4C4-0786-41C0-B887-773F9965BB19} - C:\WINDOWS\system32\opnkkhge.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A531FBF-A639-4A57-AB06-78683AB1F78B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {7638b1bd-c88d-77ea-bd74-1e429f202078} - {870202f9-24e1-47db-ae77-d88cdb1b8367} - C:\WINDOWS\system32\nkigeayg.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D84A3538-0D59-45FC-A8C4-C83BB5983E16} - C:\WINDOWS\system32\iifdaxvu.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6e6290571ac34cd6984344b018bac2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6e6290571ac34cd6984344b018bac2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnkkhge - C:\WINDOWS\SYSTEM32\opnkkhge.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

AgnesD

Hello.
la première chose que je vois sur ton scan HJThis c'est trois antivirus installés ensembles.
Normal que ton PC plante.
Désinstalle en deux n'en garde qu'un seul.
Ensuite
relance la machine et fait un nettoyage ainsi
http://forumxp.net.free.fr/phpBB2/voir_ ... .php?id=42
fait uniquement les parties 2, 4 et 5 rien d'autre.
Dans le 4 désactive les services relatifs aux antivirus que tu n'aura pas gardé.

Citer:

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Quand cela sera fini on entreprendra le nettoyage des virus éventuellement restants.
Attention ne fait pas de fantaisies tiens toi en a ce qui est ecrit.

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

g uh probleme pr l'etape n°2, quand tu me demande de cliquer sur mozilla car je l'utilise c'est encore en grios cklair dc je ne peu pas aller dessu pk ??

AgnesD

Je ne sais pas.
peu importe passe a la suite.
:wink:

Sois sympa essaye d'écrire correctement, le SMS c'est pas trop mon truc et cela ne facilite pas la communication.
:wink:

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

ok désolé je ne peut meme pas faire l'étape n°4 il ne veut pas me rentrer " services.msc " :s:s

AgnesD

Ok.
Bon ben on va faire "comme si"
=>Télécharge combofix.exe
sauvegarde le sur ton bureau et pas ailleurs!
Double clique sur Combofix.exe puis suis les instructions.
Quand il aura fini, il va générer un rapport.
Poste le dans ta prochaine réponse avec un nouveau log Hijackthis.

Note Ne pas cliquer dans la fenêtre de combofix et ne rien faire d'autre durant le passage de l'outil.
En général cela prend 10 minutes mais cela peut être plus long selon le niveau d'infection.

Je veux donc le rapport combofix.
Mais ne fait ceci que si tu as dés installéles deux Antivirus qui étaient en trop.
A+
:wink:

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

je vient de redemarrer mon ordinateur, et j'ai reussi a y rentrer. j'ai fait tout ce que tu m'as dit de faire apres sa devrai aller mieux ou encore je doit faire des choses ??
a+

AgnesD

Si tu as fait ce qui est noté là:

AgnesD a écrit:

Ok.
Bon ben on va faire "comme si"
=>Télécharge combofix.exe
sauvegarde le sur ton bureau et pas ailleurs!
Double clique sur Combofix.exe puis suis les instructions.
Quand il aura fini, il va générer un rapport.
Poste le dans ta prochaine réponse avec un nouveau log Hijackthis.

Note Ne pas cliquer dans la fenêtre de combofix et ne rien faire d'autre durant le passage de l'outil.
En général cela prend 10 minutes mais cela peut être plus long selon le niveau d'infection.

Je veux donc le rapport combofix.
Mais ne fait ceci que si tu as dés installéles deux Antivirus qui étaient en trop.
A+
:wink:

j'attend donc le rapport de combfix.
Ainsi je pourrai te dire si il reste ou on des choses a faire.
Sinon fait ce qui précéde.
A+
:wink:

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

voile j'ai fait ce que tu m'as dit :

ComboFix 08-04-12.7 - parison michel 2008-04-13 15:20:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.306 [GMT 2:00]
Endroit: C:\Documents and Settings\parison michel\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ohkxhxyl.ini
.
---- Previous Run -------
.
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fnsdsddq.ini
C:\WINDOWS\system32\gcbowcdr.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qkscrcai.ini
C:\WINDOWS\system32\uvxadfii.ini
C:\WINDOWS\system32\uvxadfii.ini2
C:\WINDOWS\system32\ygkwvcgm.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-13 14:20 . 2008-04-13 14:20 90,688 --a------ C:\WINDOWS\system32\lyxhxkho.dll
2008-04-13 14:17 . 2008-04-13 14:17 95,808 --a------ C:\WINDOWS\system32\vtpqnmgh.dll
2008-04-13 14:14 . 2008-04-13 14:14 93,760 --a------ C:\WINDOWS\system32\tuwnrrff.dll
2008-04-13 14:14 . 2008-04-13 14:14 3,648 --a------ C:\WINDOWS\system32\qxwifysj.dll
2008-04-13 14:06 . 2008-04-13 14:07 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-13 13:38 . 2008-04-13 13:39 <REP> d-------- C:\Program Files\jv16 PowerTools
2008-04-13 11:50 . 2008-04-13 11:51 <REP> d-------- C:\Program Files\Hijackthis Version Française
2008-04-12 15:40 . 2008-04-12 20:02 <REP> d-------- C:\Program Files\Everest Poker
2008-04-12 14:14 . 2008-04-12 14:14 3,648 --a------ C:\WINDOWS\system32\vjajimcv.dll
2008-04-11 18:20 . 2008-04-11 18:25 942 --a------ C:\WINDOWS\wininit.ini
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-11 17:04 . 2008-03-23 12:06 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-11 17:04 . 2008-03-23 12:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-11 16:06 . 2008-04-11 17:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 16:06 . 2008-04-11 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 14:49 . 2008-04-11 14:49 <REP> d-------- C:\WINDOWS\system32\Lang
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-04-11 14:08 . 2008-04-13 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-11 12:34 . 2008-04-11 12:34 3,648 --a------ C:\WINDOWS\system32\lktwnkju.dll
2008-04-10 12:35 . 2008-04-10 12:35 3,648 --a------ C:\WINDOWS\system32\cjoowfpf.dll
2008-04-09 18:34 . 2008-04-13 13:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-09 18:29 . 2008-04-13 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-09 18:26 . 2008-04-13 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-04-09 18:26 . 2008-04-09 18:26 27,683,672 --a------ C:\Program Files\bitdefender_free_v10.exe
2008-04-07 21:30 . 2008-04-07 21:30 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 20:29 . 2008-04-07 20:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 20:29 . 2008-04-07 20:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-07 17:54 . 2008-04-07 17:54 288,256 --------- C:\WINDOWS\system32\iifdaxvu.dll
2008-04-07 17:50 . 2008-04-07 17:50 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-07 17:49 . 2008-04-07 17:49 <REP> d-------- C:\WINDOWS\system32\spol3
2008-04-07 17:49 . 2008-04-07 17:49 <REP> d-------- C:\WINDOWS\system32\MId2
2008-04-07 17:49 . 2008-04-11 15:50 <REP> d-------- C:\WINDOWS\system32\HBL
2008-04-07 17:49 . 2008-04-11 15:47 <REP> d-------- C:\WINDOWS\system32\bharebio18
2008-04-07 17:49 . 2008-04-07 17:49 <REP> d-------- C:\Temp\wdlw14
2008-04-07 17:49 . 2008-04-13 15:03 <REP> d-------- C:\Temp
2008-04-07 17:49 . 2008-04-07 17:49 40,960 --------- C:\WINDOWS\system32\opnkkhge.dll
2008-04-07 17:48 . 2008-04-07 17:48 10,240 --a------ C:\Documents and Settings\parison michel\services.exe
2008-04-06 19:19 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\Incomplete
2008-04-06 19:18 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\LimeWire
2008-04-06 16:56 . 2008-04-06 16:56 <REP> d-------- C:\Program Files\Midway Games
2008-04-06 15:52 . 2008-04-13 14:46 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\OpenOffice.org2
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iTunes
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iPod
2008-04-06 15:33 . 2008-04-06 15:44 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:32 <REP> d-------- C:\Program Files\QuickTime
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-06 15:31 . 2008-04-06 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 15:31 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-05 15:57 . 2004-01-14 03:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-04-05 15:56 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-05 15:56 . 2008-04-05 15:56 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-04-05 15:54 . 2004-06-15 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2008-04-05 15:54 . 2004-06-04 17:34 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2008-04-05 15:54 . 2004-06-15 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\StartHtmico
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\IP4000,3000
2008-04-05 15:52 . 2008-04-05 15:57 <REP> d-------- C:\Program Files\Canon
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-04 21:21 . 2008-04-04 21:21 <REP> d-------- C:\Program Files\EA GAMES
2008-04-04 21:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-31 14:55 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 14:55 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 11:22 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-29 11:22 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-29 11:22 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-28 20:56 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-28 19:37 . 2008-03-28 19:37 34 --a------ C:\WINDOWS\Kit.ini
2008-03-27 18:40 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 18:40 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-27 18:40 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-24 19:06 . 2005-05-27 11:23 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-03-24 19:06 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-24 19:06 . 2004-08-04 00:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-03-24 19:06 . 2004-08-04 00:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-24 19:06 . 2004-08-04 01:55 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-24 19:06 . 2004-08-04 00:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-24 19:06 . 2004-08-03 23:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\FotoWire
2008-03-24 19:00 . 2005-07-19 18:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-24 18:59 . 2008-03-24 18:59 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-03-24 18:58 . 2008-03-24 18:58 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-03-24 18:57 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Logitech
2008-03-23 20:05 . 2004-08-04 01:55 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-23 20:05 . 2001-08-17 21:19 72,832 --a------ C:\WINDOWS\system32\drivers\cwbwdm.sys
2008-03-23 20:05 . 2004-08-04 00:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 11:42 --------- d-----w C:\Program Files\Wanadoo
2008-04-06 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2008-03-24 16:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-23 15:16 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-23 10:58 --------- d-----w C:\Program Files\Windows Live
2008-03-23 10:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 10:43 --------- d-----w C:\Program Files\Alwil Software
2008-03-23 10:35 --------- d-----w C:\Program Files\Wanadoo Messager
2008-03-23 10:33 --------- d-----w C:\Program Files\SAGEM
2008-03-23 10:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-23 10:08 --------- d-----w C:\Program Files\Services en ligne
2008-01-29 10:02 107,368 ----a-w C:\WINDOWS\system32\GEARAspi.dll
.

------- Sigcheck -------

2008-02-16 11:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2gdr\wininet.dll
2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2qfe\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2gdr\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2qfe\wininet.dll
2004-08-05 14:00 694784 f6ad4c0f992b3b51c044ad74d9e2e854 C:\WINDOWS\system32\wininet.dll

2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C74933-8FD8-4B45-8DCA-8A970D930A1E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{177ec23e-9034-4a18-83e7-8c926acce858}]
2008-04-13 14:17 95808 --a------ C:\WINDOWS\system32\vtpqnmgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F58D4C4-0786-41C0-B887-773F9965BB19}]
2008-04-07 17:49 40960 --------- C:\WINDOWS\system32\opnkkhge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A531FBF-A639-4A57-AB06-78683AB1F78B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{870202f9-24e1-47db-ae77-d88cdb1b8367}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D84A3538-0D59-45FC-A8C4-C83BB5983E16}]
2008-04-07 17:54 288256 --------- C:\WINDOWS\system32\iifdaxvu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BM8b3656dc"="C:\WINDOWS\system32\tuwnrrff.dll" [2008-04-13 14:14 93760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F58D4C4-0786-41C0-B887-773F9965BB19}"= C:\WINDOWS\system32\opnkkhge.dll [2008-04-07 17:49 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhge]
opnkkhge.dll 2008-04-07 17:49 40960 C:\WINDOWS\system32\opnkkhge.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\88056540]
C:\WINDOWS\system32\iacrcskq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-23 20:33 57344 C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8b3656dc]
C:\WINDOWS\system32\fayyfcxe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAMP SHIM EXIT HECK]
--a------ 2008-04-11 16:09 2940928 C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\media tick.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-03-24 18:59 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 18:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PostSetupCheck]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Roamvc]
--a------ 2008-03-23 13:03 413184 C:\DOCUME~1\PARISO~1\APPLIC~1\META32~1\SiteMeow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-27 15:49 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{56-65-5E-EF-DW}]
C:\WINDOWS\system32\Rtmp\cegmgr76.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca686ff2-063f-11dd-89f3-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6202aaa-f8cb-11dc-89c7-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-13 13:00:00 C:\WINDOWS\Tasks\AD0CA1AC919B5690.job"
- c:\docume~1\pariso~1\applic~1\meta32~1\extrabarbteam.exe
"2008-04-10 19:27:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 12:18:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 15:22:46
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\opnkkhge.dll
.
Temps d'accomplissement: 2008-04-13 15:23:28
ComboFix-quarantined-files.txt 2008-04-13 13:23:20
Pre-Run: 94,427,213,824 octets libres
Post-Run: 94,418,685,952 octets libres
.
2008-04-13 08:37:32 --- E O F ---

AgnesD

voici la suite.
-> Assure-toi que l'outil ComboFix.exe soit sur le Bureau (important).

-> Télécharge le fichier CFScript.txt joint a ce post,
..et sauvegarde-le sur ton Bureau.

Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

-> Poste un nouveau rapport HijackThis! également, et dis-nous comment se comporte ton ordi.

maxsagaz · **Inscrit le:** Mer 9 Avr 2008 - 17:01 **Messages:** 20

j'ai fait tout ce que tu m'as demander dans un 1er temps mon ordi va commeme beaucoup mieux il rame un peu moins mai cependant il rame beaucoup au démarrage g beaucoup de pub aussi et internet explorer même pas la peine d'y pense je suis obliger de prendre mozilla mai cela ne me dérange pas ...
je te donne les 2 rapports que tu m'as demandé

Logfile of HijackThis v1.99.1
Scan saved at 11:06, on 2008-04-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {00C74933-8FD8-4B45-8DCA-8A970D930A1E} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {177ec23e-9034-4a18-83e7-8c926acce858} - (no file)
O2 - BHO: (no name) - {4F58D4C4-0786-41C0-B887-773F9965BB19} - C:\WINDOWS\system32\opnkkhge.dll
O2 - BHO: (no name) - {5263447D-3A1C-4161-BBEE-1FC6D804AA85} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {756D767F-6B99-4D31-8658-E37913CC1664} - C:\WINDOWS\system32\iifdaxvu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7A531FBF-A639-4A57-AB06-78683AB1F78B} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {870202f9-24e1-47db-ae77-d88cdb1b8367} - (no file)
O2 - BHO: (no name) - {8BDE876E-B57C-4178-A713-4806150A413A} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {3961704d-980f-3c48-da74-adcc29c2b33b} - {b33b2c92-ccda-47ad-84c3-f089d4071693} - C:\WINDOWS\system32\sypnrugk.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F9D8DB4A-B035-44F4-BA9D-2B015767379E} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [88056540] rundll32.exe "C:\WINDOWS\system32\dtjdlokw.dll",b
O4 - HKLM\..\Run: [BM8b3656dc] Rundll32.exe "C:\WINDOWS\system32\smltpxsc.dll",s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6e6290571ac34cd6984344b018bac2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6e6290571ac34cd6984344b018bac2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: opnkkhge - C:\WINDOWS\SYSTEM32\opnkkhge.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

ComboFix 08-04-12.7 - parison michel 2008-04-14 10:52:52.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.265 [GMT 2:00]
Endroit: C:\Documents and Settings\parison michel\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\parison michel\Bureau\cfscript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\kjlkkjjl.ini
C:\WINDOWS\system32\kjlkkjjl.ini2
C:\WINDOWS\system32\qylypafh.ini
C:\WINDOWS\system32\wkoldjtd.ini
.
---- Previous Run -------
.
C:\WINDOWS\BM8b3656dc.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bharebio18
C:\WINDOWS\system32\HBL
C:\WINDOWS\system32\MId2
C:\WINDOWS\system32\qylypafh.ini
C:\WINDOWS\system32\spol3
C:\WINDOWS\system32\uvxadfii.ini
C:\WINDOWS\system32\uvxadfii.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-14 to 2008-04-14 ))))))))))))))))))))))))))))))))))))
.

2008-04-14 10:50 . 2008-04-14 10:50 91,200 --a------ C:\WINDOWS\system32\dtjdlokw.dll
2008-04-14 10:47 . 2008-04-14 10:47 3,648 --a------ C:\WINDOWS\system32\ncusfhcg.dll
2008-04-14 10:44 . 2008-04-14 10:44 288,768 --a------ C:\WINDOWS\system32\ljjkkljk.dll
2008-04-14 10:44 . 2008-04-14 10:44 93,248 --a------ C:\WINDOWS\system32\vjqotosk.dll
2008-04-13 15:33 . 2008-04-13 15:33 95,808 --a------ C:\WINDOWS\system32\cfxrkrhm.dll
2008-04-13 15:28 . 2008-04-13 15:28 3,648 --a------ C:\WINDOWS\system32\lyyilfwx.dll
2008-04-13 15:27 . 2008-04-13 15:27 93,760 --a------ C:\WINDOWS\system32\ycucenvs.dll
2008-04-13 14:20 . 2008-04-13 14:20 90,688 --a------ C:\WINDOWS\system32\lyxhxkho.dll
2008-04-13 14:17 . 2008-04-13 14:17 95,808 --a------ C:\WINDOWS\system32\vtpqnmgh.dll
2008-04-13 14:14 . 2008-04-13 14:14 93,760 --a------ C:\WINDOWS\system32\tuwnrrff.dll
2008-04-13 14:14 . 2008-04-13 14:14 3,648 --a------ C:\WINDOWS\system32\qxwifysj.dll
2008-04-13 14:06 . 2008-04-13 14:07 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-13 13:38 . 2008-04-13 13:39 <REP> d-------- C:\Program Files\jv16 PowerTools
2008-04-13 11:50 . 2008-04-13 11:51 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2008-04-12 15:40 . 2008-04-13 19:20 <REP> d-------- C:\Program Files\Everest Poker
2008-04-12 14:14 . 2008-04-12 14:14 3,648 --a------ C:\WINDOWS\system32\vjajimcv.dll
2008-04-11 18:20 . 2008-04-11 18:25 942 --a------ C:\WINDOWS\wininit.ini
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-04-11 17:04 . 2008-03-23 12:06 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-04-11 17:04 . 2008-03-23 12:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-04-11 17:04 . 2008-03-23 12:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-04-11 16:06 . 2008-04-11 17:49 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-11 16:06 . 2008-04-11 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 14:49 . 2008-04-11 14:49 <REP> d-------- C:\WINDOWS\system32\Lang
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-04-11 14:49 . 2008-04-11 14:49 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-04-11 14:08 . 2008-04-13 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-11 12:34 . 2008-04-11 12:34 3,648 --a------ C:\WINDOWS\system32\lktwnkju.dll
2008-04-10 12:35 . 2008-04-10 12:35 3,648 --a------ C:\WINDOWS\system32\cjoowfpf.dll
2008-04-09 18:34 . 2008-04-13 13:11 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-09 18:29 . 2008-04-13 13:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-09 18:26 . 2008-04-13 13:12 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-04-09 18:26 . 2008-04-09 18:26 27,683,672 --a------ C:\Program Files\bitdefender_free_v10.exe
2008-04-07 21:30 . 2008-04-07 21:30 <REP> d-------- C:\Program Files\Windows Media Connect 2
2008-04-07 20:29 . 2008-04-07 20:29 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-04-07 20:29 . 2008-04-07 20:35 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-07 17:54 . 2008-04-07 17:54 288,256 --------- C:\WINDOWS\system32\iifdaxvu.dll
2008-04-07 17:50 . 2008-04-07 17:50 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
2008-04-07 17:49 . 2008-04-07 17:49 <REP> d-------- C:\Temp\wdlw14
2008-04-07 17:49 . 2008-04-13 15:03 <REP> d-------- C:\Temp
2008-04-07 17:49 . 2008-04-07 17:49 40,960 --------- C:\WINDOWS\system32\opnkkhge.dll
2008-04-07 17:48 . 2008-04-07 17:48 10,240 --a------ C:\Documents and Settings\parison michel\services.exe
2008-04-06 19:19 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\Incomplete
2008-04-06 19:18 . 2008-04-06 19:19 <REP> d-------- C:\Program Files\LimeWire
2008-04-06 16:56 . 2008-04-06 16:56 <REP> d-------- C:\Program Files\Midway Games
2008-04-06 15:52 . 2008-04-14 10:31 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\OpenOffice.org2
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iTunes
2008-04-06 15:33 . 2008-04-06 15:33 <REP> d-------- C:\Program Files\iPod
2008-04-06 15:33 . 2008-04-06 15:44 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:32 <REP> d-------- C:\Program Files\QuickTime
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-06 15:31 . 2008-04-06 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-06 15:31 . 2008-04-06 15:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-06 15:31 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-04-05 15:57 . 2004-01-14 03:10 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2008-04-05 15:56 . 1998-11-13 13:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-04-05 15:56 . 2008-04-05 15:56 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-04-05 15:54 . 2004-06-15 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2008-04-05 15:54 . 2004-06-04 17:34 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2008-04-05 15:54 . 2004-06-15 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\StartHtmico
2008-04-05 15:53 . 2008-04-05 15:53 <REP> d-------- C:\WINDOWS\IP4000,3000
2008-04-05 15:52 . 2008-04-05 15:57 <REP> d-------- C:\Program Files\Canon
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-05 15:47 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-04 21:21 . 2008-04-04 21:21 <REP> d-------- C:\Program Files\EA GAMES
2008-04-04 21:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-03-31 14:55 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-31 14:55 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 11:22 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-29 11:22 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-29 11:22 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-28 20:57 . 2008-03-28 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-28 20:56 . 2008-03-28 20:57 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-28 19:37 . 2008-03-28 19:37 34 --a------ C:\WINDOWS\Kit.ini
2008-03-27 18:40 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 18:40 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-27 18:40 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-24 19:06 . 2005-05-27 11:23 2,180,096 -ra------ C:\WINDOWS\system32\drivers\lvsvf2.sys
2008-03-24 19:06 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-24 19:06 . 2004-08-04 00:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2008-03-24 19:06 . 2004-08-04 00:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-24 19:06 . 2004-08-04 01:55 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-03-24 19:06 . 2004-08-04 00:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-03-24 19:06 . 2004-08-04 00:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-03-24 19:06 . 2004-08-03 23:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2008-03-24 19:00 . 2008-03-24 19:00 <REP> d-------- C:\Documents and Settings\parison michel\Application Data\FotoWire
2008-03-24 19:00 . 2005-07-19 18:31 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
2008-03-24 18:59 . 2008-03-24 18:59 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-03-24 18:58 . 2008-03-24 18:58 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-03-24 18:57 . 2008-03-24 19:00 <REP> d-------- C:\Program Files\Logitech

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 11:42 --------- d-----w C:\Program Files\Wanadoo
2008-04-13 09:51 --------- d-----w C:\Program Files\Hijackthis Version Française
2008-04-06 13:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-24 16:56 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-23 10:58 --------- d-----w C:\Program Files\Windows Live
2008-03-23 10:57 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-23 10:43 --------- d-----w C:\Program Files\Alwil Software
2008-03-23 10:35 --------- d-----w C:\Program Files\Wanadoo Messager
2008-03-23 10:33 --------- d-----w C:\Program Files\SAGEM
2008-03-23 10:10 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-23 10:08 --------- d-----w C:\Program Files\Services en ligne
.

------- Sigcheck -------

2008-02-16 11:02 663552 c9218cd3cd93586ffe9ae789282cae63 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2gdr\wininet.dll
2008-02-16 11:32 670208 dcb8a9f102663d962be60cde38a6c1d7 C:\WINDOWS\SoftwareDistribution\Download\58762acf47a35def24a27c268dd31801\sp2qfe\wininet.dll
2007-12-07 03:07 663552 c5a40de381481d288addee45fc67f652 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2gdr\wininet.dll
2007-12-07 02:47 670208 c057d734b1951393fd07e2607513d4d9 C:\WINDOWS\SoftwareDistribution\Download\b2fae1d88b9f406a2afb1c850ba6f5a0\sp2qfe\wininet.dll
2007-10-11 08:13 663552 d2fd027e5d3af96dee6c5cc225079df0 C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2gdr\wininet.dll
2007-10-11 07:59 670208 0465cde31add22f6233ffb4fe4af01cf C:\WINDOWS\SoftwareDistribution\Download\e4818ecd57ac16436508f06dc02ac643\sp2qfe\wininet.dll
2004-08-05 14:00 694784 f6ad4c0f992b3b51c044ad74d9e2e854 C:\WINDOWS\system32\wininet.dll

2004-08-05 14:00 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-13_15.23.00.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 13:18:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 08:55:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 08:55:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_430.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C74933-8FD8-4B45-8DCA-8A970D930A1E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{16B435F6-B6CE-4F24-A568-944B27ED919C}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{177ec23e-9034-4a18-83e7-8c926acce858}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F58D4C4-0786-41C0-B887-773F9965BB19}]
2008-04-07 17:49 40960 --------- C:\WINDOWS\system32\opnkkhge.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5263447D-3A1C-4161-BBEE-1FC6D804AA85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76699443-0B0C-4198-A2D2-55EEE69F5F04}]
2008-04-14 10:44 288768 --a------ C:\WINDOWS\system32\ljjkkljk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A531FBF-A639-4A57-AB06-78683AB1F78B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{870202f9-24e1-47db-ae77-d88cdb1b8367}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BDE876E-B57C-4178-A713-4806150A413A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B6C0F506-BA69-4739-A994-96FEF9B30BE7}]
2008-04-07 17:54 288256 --------- C:\WINDOWS\system32\iifdaxvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e405994e-8fb3-4790-b0bc-3ab9ddf95588}]
2008-04-13 15:33 95808 --a------ C:\WINDOWS\system32\cfxrkrhm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9D8DB4A-B035-44F4-BA9D-2B015767379E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"88056540"="C:\WINDOWS\system32\dtjdlokw.dll" [2008-04-14 10:50 91200]
"BM8b3656dc"="C:\WINDOWS\system32\vjqotosk.dll" [2008-04-14 10:44 93248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F58D4C4-0786-41C0-B887-773F9965BB19}"= C:\WINDOWS\system32\opnkkhge.dll [2008-04-07 17:49 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnkkhge]
opnkkhge.dll 2008-04-07 17:49 40960 C:\WINDOWS\system32\opnkkhge.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=C:\WINDOWS\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^parison michel^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\parison michel\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\88056540]
C:\WINDOWS\system32\iacrcskq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-03-29 19:37 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM8b3656dc]
C:\WINDOWS\system32\fayyfcxe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAMP SHIM EXIT HECK]
--a------ 2008-04-11 16:09 2940928 C:\Documents and Settings\All Users\Application Data\That Face Camp Shim\media tick.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 14:00 15360 C:\WINDOWS\system32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-03-24 18:59 20480 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 15:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 16:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 16:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 18:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PostSetupCheck]
C:\WINDOWS\system32\atgban.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Roamvc]
--a------ 2008-03-23 13:03 413184 C:\DOCUME~1\PARISO~1\APPLIC~1\META32~1\SiteMeow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-27 15:49 73728 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
--a------ 2004-08-23 15:50 122880 C:\PROGRA~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--a------ 2004-10-14 17:55 32768 C:\PROGRA~1\Wanadoo\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--a------ 2004-08-23 15:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{56-65-5E-EF-DW}]
C:\WINDOWS\system32\Rtmp\cegmgr76.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 cwbwdm_device;Pilote du codec audio Crystal WDM;C:\WINDOWS\system32\drivers\cwbwdm.sys [2001-08-17 21:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca686ff2-063f-11dd-89f3-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6202aaa-f8cb-11dc-89c7-00195b5e04dd}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-04-13 13:00:00 C:\WINDOWS\Tasks\AD0CA1AC919B5690.job"
- c:\docume~1\pariso~1\applic~1\meta32~1\extrabarbteam.exe
"2008-04-10 19:27:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-13 12:18:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

voila merci d'avance pr ta reponse

Forum XP.Net -Sécurité Informatique-

problemes de virus

Qui est en ligne ?