:super:une tite pose ouf
:hello: désolé je vais vous avouez j en et bien marre aussi dans kel log je dois virer tous ce ki et ft et orange merci
Bonsoir alain77310 :hello: :super:
Faut reconnaitre c est la Totale !!
Un Aspect Positif il s est mis a jour Hier XP SP3
une Adresse utile pour Toi scarface1307
www.zabra.org… tu verras impec !!
Bonne soirée
:super:
:hello:
:hello: bonjour j ai virer toute les choses de FT et orange et je fait koi avec cette adresse 
:jap:
bon alors tu en est ou avec les pub ?
j en et toujour j ai suprimer tout ce qui etait de orange dans le panneau de configuration il n y a qu une seul chose ki ne ve pas ce suprimer c orange logiciels internet il me met erreur sur le script et kan je clik pour le suprimer ca me met une page toute blanche et ca bloque tout
bonjour je ne c plus koi faire donc je penser refaire completement mon pc mais kan j ai acheter le pc je n avait pas de cd avec on ma donner seulement une etiquette avec la licence dessus comment faire
:jap:
Repost un nouveau loghijackthis stp
Tu veut formatter et ta pas le cd?
A la limite trouve un copain qu’a le cd original…
Logfile of HijackThis v1.99.1
Scan saved at 11:24:18, on 18/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HERSE\Bureau\fichier mika\hijackthis_hijackthis_1.99.1_anglais_17891.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -s
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [helpmeal] C:\DOCUME~1\HERSE\APPLIC~1\NEW4MA~1\bird anti heck.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com…
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - www.ca.com…
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - pcpitstop.com…
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
si tu ne fais pas ce que on te dit ça va durer longtemps
1°) Utilise cette version de hijackthis et met le sur le bureau et non en dossier temporaire
2°) Copie l’intégralité du log !!!
3°) Repost un log combofix
4°)Fait ce que t’a dit alain77310
Je vois pas pourquoi tu lui a fait fixer [quote=""] O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [/quote] Ce sont des entrer légitime ;) Edité le 18/08/2008 à 12:55
la ligne 020 erreur de ma part dll légitime et liée à Comodo firewall.
les autres servtce logitec qui bouffent pas mal de memoire
et au bout de 5 pages !!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:24, on 18/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HERSE\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -s
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [helpmeal] C:\DOCUME~1\HERSE\APPLIC~1\NEW4MA~1\bird anti heck.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com…
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - www.ca.com…
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - pcpitstop.com…
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
–
End of file - 6075 bytes
ComboFix 08-08-14.05 - HERSE 2008-08-18 16:26:31.5 - NTFSx86 MINIMAL Endroit: C:\Documents and Settings\HERSE\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N’EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers cr??s 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))))))))
.
2008-08-18 06:09 . 2008-08-18 06:09 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-18 05:26 . 2008-08-18 05:54 d-------- C:\WINDOWS\BDOSCAN8
2008-08-18 03:16 . 2008-08-18 03:16 d-------- C:\Program Files\PCPitstop
2008-08-18 02:47 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-17 16:33 . 2008-08-17 16:33 d-------- C:\Program Files\TomCat Soft
2008-08-17 05:04 . 2008-08-17 13:24 1,113 --a------ C:\rollback.ini
2008-08-17 04:00 . 2008-08-17 14:09 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-17 04:00 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-08-17 04:00 . 2008-08-17 14:08 4,212 —h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-17 03:58 . 2008-08-17 15:06 d-------- C:\WINDOWS\Internet Logs
2008-08-17 02:59 . 2008-08-17 02:59 d-------- C:\Program Files\Panda Security
2008-08-17 02:02 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-08-17 02:02 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-08-17 02:02 . 2008-08-17 02:02 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-08-17 02:02 . 2008-08-17 02:02 3,120 --a------ C:\WINDOWS\118294.78
2008-08-17 02:02 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-08-16 04:20 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS[u]0[/u]00001_.tmp
2008-08-15 17:08 . 2008-06-14 19:33 272,768 -----c— C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-15 17:08 . 2008-05-08 16:02 203,136 -----c— C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-15 16:55 . 2008-04-13 19:33 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-15 16:55 . 2008-04-13 19:33 1,306,624 -----c— C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-15 16:55 . 2008-04-13 19:04 93,184 --------- C:\WINDOWS\system32\msxml6r.dll
2008-08-15 16:55 . 2008-04-13 19:04 93,184 -----c— C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-15 16:51 . 2008-08-15 16:55 d-------- C:\WINDOWS\ServicePackFiles
2008-08-15 16:47 . 2008-04-13 09:34 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-08-15 16:45 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS[u]0[/u]02811_.tmp
2008-08-15 14:31 . 2008-08-15 14:31 d-------- C:\VundoFix Backups
2008-08-15 00:08 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-15 00:08 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-15 00:07 . 2008-08-15 00:08 d-------- C:\Program Files\Trojan Remover
2008-08-15 00:07 . 2008-08-15 00:07 d-------- C:\Documents and Settings\HERSE\Application Data\Simply Super Software
2008-08-15 00:07 . 2008-08-15 00:07 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-14 23:49 . 2008-08-14 23:49 d-------- C:\Program Files\Trend Micro
2008-08-14 15:30 . 2008-08-14 15:30 d-------- C:\Program Files\CCleaner
2008-08-14 15:25 . 2008-08-14 15:25 d-------- C:\Documents and Settings\HERSE\Application Data\Grisoft
2008-08-14 15:25 . 2008-08-14 15:25 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-14 15:25 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-13 18:41 . 2008-08-15 00:15 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 17:44 . 2008-08-13 17:44 d-------- C:\Program Files\COMODO
2008-08-13 17:44 . 2008-08-13 17:44 d-------- C:\Documents and Settings\HERSE\Application Data\Comodo
2008-08-13 17:44 . 2008-08-13 17:48 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-08-13 17:44 . 2008-08-13 17:44 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-08-13 17:44 . 2008-08-13 17:44 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-08-13 16:20 . 2008-04-11 21:05 691,712 -----c— C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 15:45 . 2008-08-13 17:50 1,894 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-08-13 15:28 . 2008-08-13 15:28 d-------- C:\Program Files\AskBarDis
2008-08-11 17:51 . 2008-08-13 17:44 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-08-11 16:39 . 2008-08-11 16:39 d-------- C:\Documents and Settings\HERSE\Application Data\PCToolsFirewallPlus
2008-08-11 04:51 . 2008-08-11 04:51 d-------- C:\Program Files\Windows Media Connect 2
2008-08-11 04:49 . 2008-08-11 17:27 d-------- C:\WINDOWS\system32\LogFiles
2008-08-11 04:49 . 2008-08-13 16:35 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-10 01:43 . 2008-08-10 01:43 d-------- C:\Documents and Settings\HERSE\Application Data\Malwarebytes
2008-08-08 17:10 . 2008-08-08 17:10 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-08-08 17:10 . 2008-08-08 17:10 52,191 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-08-08 17:09 . 2008-08-08 17:10 4,833 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-08-08 17:08 . 2008-08-08 17:08 d-------- C:\WINDOWS\BricoPacks
2008-08-08 16:32 . 2007-03-12 23:34 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-08 16:32 . 2007-03-12 23:34 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-08 16:32 . 2007-03-12 23:34 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-05 22:03 . 2008-08-05 22:03 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-03 18:27 . 2008-08-03 18:27 d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-08-03 02:48 . 2008-08-03 02:48 d-------- C:\Language
2008-08-03 02:48 . 2001-03-19 15:25 722,192 --a------ C:\WINDOWS\system32\VB40032.DLL
2008-08-03 02:48 . 2001-03-19 15:25 203,576 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-08-03 02:48 . 2001-03-19 15:25 200,704 --a------ C:\WINDOWS\system32\THREED32.OCX
2008-08-03 02:48 . 2001-03-19 15:25 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-08-03 02:48 . 2001-03-19 15:25 61,952 --a------ C:\WINDOWS\ST4UNST.EXE
2008-08-03 02:48 . 2001-03-19 15:25 37,376 --a------ C:\WINDOWS\system32\ven2232.olb
2008-08-03 02:48 . 2001-03-19 15:25 35,136 --a------ C:\WINDOWS\system32\VB4FR32.DLL
2008-08-03 02:48 . 2008-08-03 02:48 8,192 --a------ C:\WINDOWS\system32\dmfafr49.Ock
2008-08-03 02:46 . 2008-08-03 02:49 4,096 --a------ C:\WINDOWS\system32\dmfafr49.Dlk
2008-08-02 14:42 . 2008-08-16 05:54 d-------- C:\Program Files\Navilog1
2008-08-02 00:09 . 2008-05-15 17:51 322 --a------ C:\boot.ini.comodofirewall
2008-07-28 06:42 . 2002-01-05 20:48 974,848 --a------ C:\WINDOWS\mfc70.dll
2008-07-28 06:42 . 2002-01-05 20:36 964,608 --a------ C:\WINDOWS\mfc70u.dll
2008-07-28 06:42 . 2002-01-05 19:40 487,424 --a------ C:\WINDOWS\msvcp70.dll
2008-07-28 06:42 . 2003-02-21 20:42 348,160 --a------ C:\WINDOWS\msvcr71.dll
2008-07-28 06:42 . 2002-01-05 19:37 344,064 --a------ C:\WINDOWS\msvcr70.dll
2008-07-28 06:42 . 2002-09-10 06:53 323,072 --a------ C:\WINDOWS\msvcrt.dll
2008-07-27 17:03 . 2008-07-27 17:03 d-------- C:\Program Files\Avira
2008-07-27 17:03 . 2008-07-27 17:03 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-27 15:26 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-27 15:20 . 2008-07-27 15:20 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 15:18 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-27 15:16 . 2008-07-31 00:47 d-------- C:\Program Files\Malwarebytes’ Anti-Malware
2008-07-27 14:59 . 2008-07-27 17:13 d-------- C:\Program Files\Ascentive
2008-07-27 14:58 . 2007-10-17 10:19 1,066,176 --a------ C:\WINDOWS\system32\mscomctl.ocx
2008-07-27 14:58 . 2007-10-17 10:19 20,480 --a------ C:\WINDOWS\system32\SysRestore.dll
2008-07-27 14:57 . 2008-04-17 16:22 208,896 --a------ C:\WINDOWS\system32\ConTest.dll
2008-07-26 01:58 . 2008-07-26 01:58 d-------- C:\Documents and Settings\HERSE\Application Data\TuneUp Software
2008-07-26 01:57 . 2008-07-26 01:57 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-26 01:54 . 2008-07-26 01:54 424 --a------ C:\WINDOWS\zipgenius.xml
2008-07-25 21:19 . 2008-07-25 21:19 244 --ah----- C:\sqmnoopt00.sqm
2008-07-25 21:19 . 2008-07-25 21:19 232 --ah----- C:\sqmdata00.sqm
2008-07-24 05:25 . 2008-07-24 05:31 2,632 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-24 01:19 . 2008-07-24 06:05 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-07-23 22:56 . 2008-08-17 03:42 d-------- C:\Documents and Settings\HERSE.housecall6.6
2008-07-23 22:47 . 2008-07-23 22:47 40 --a------ C:\WINDOWS\TSC.INI
2008-07-23 22:40 . 2008-07-23 22:44 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-07-23 22:39 . 2008-07-23 22:44 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-07-23 22:39 . 2008-07-23 22:44 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-07-22 03:08 . 2008-07-23 22:07 44,061 —hs---- C:\WINDOWS\system32\iqswoptv.ini
2008-07-22 03:02 . 2008-07-22 03:02 d-------- C:\Program Files\Spamihilator
2008-07-22 02:59 . 2008-07-26 05:07 d-------- C:\Program Files\a-squared Free
2008-07-21 17:39 . 2008-07-21 18:41 1,712 --a------ C:\WINDOWS\wininit.ini
2008-07-21 17:17 . 2008-08-13 15:20 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-21 16:58 . 2008-07-22 02:24 43,701 —hs---- C:\WINDOWS\system32\kwtsqanq.ini
2008-07-20 02:14 . 2008-07-31 00:52 d-------- C:\Documents and Settings\HERSE\Application Data\dvdcss
2008-07-18 00:37 . 2008-07-22 05:40 d-------- C:\Documents and Settings\HERSE\Application Data\Player Orange
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-17 03:14 --------- d-----w C:\Documents and Settings\HERSE\Application Data\New4manager
2008-08-17 00:42 --------- d–h--w C:\Program Files\InstallShield Installation Information
2008-08-17 00:32 --------- d-----w C:\Program Files\MSN Messenger
2008-08-17 00:32 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-08-16 13:05 --------- d-----w C:\Documents and Settings\HERSE\Application Data\LimeWire
2008-08-15 22:52 --------- d-----w C:\Documents and Settings\HERSE\Application Data\OpenOffice.org2
2008-08-15 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-14 14:05 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-08-13 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\File dvd base road
2008-08-10 00:08 --------- d-----w C:\Program Files\Java
2008-07-30 22:52 --------- d-----w C:\Program Files\Orange
2008-07-30 22:52 --------- d-----w C:\Program Files\AskTBar
2008-07-30 22:47 --------- d-----w C:\Program Files\LimeWire
2008-07-15 05:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\VirtualFarm
2008-07-15 03:57 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-07-12 16:42 --------- d-----w C:\Program Files\CIMW
2008-07-10 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-10 20:31 --------- d-----w C:\Documents and Settings\LocalService\Application Data\agi
2008-07-10 20:30 --------- d-----w C:\Documents and Settings\HERSE\Application Data\agi
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
Note les ?l?ments vides & les ?l?ments initiaux l?gitimes ne sont pas list?s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2008-04-13 19:34 15360]
“msnmsgr”=“C:\Program Files\MSN Messenger\msnmsgr.exe” [2007-01-19 12:55 5674352]
“helpmeal”=“C:\DOCUME~1\HERSE\APPLIC~1\NEW4MA~1\bird anti heck.exe” [2008-08-13 12:26 503296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [2006-10-06 06:13 114688]
“Persistence”=“C:\WINDOWS\system32\igfxpers.exe” [2006-10-06 06:10 94208]
“avgnt”=“C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2007-08-31 12:25 249896]
“COMODO Firewall Pro”=“C:\Program Files\COMODO\Firewall\cfp.exe” [2008-08-13 17:44 1481984]
“!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25 6731312]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 04:27 144784]
“SkyTel”=“SkyTel.EXE” [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
“RTHDCPL”=“RTHDCPL.EXE” [2006-09-12 10:58 16264192 C:\WINDOWS\RTHDCPL.EXE]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2008-04-13 19:34 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
“LogitechQuickCamRibbon”=“C:\Program Files\Logitech\QuickCam\Quickcam.exe” /hide
“LogitechCommunicationsManager”=“C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe”
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Orange\Connectivity\ConnectivityManager.exe”=
“C:\Program Files\Messenger\msmsgs.exe”=
“C:\Program Files\LimeWire\LimeWire.exe”=
“%windir%\Network Diagnostic\xpnetdiag.exe”=
“C:\Program Files\DNA\btdna.exe”=
“C:\kav\kis8.0\french\setup.exe”=
“C:\Program Files\CIMW\CIMW.exe”=
“C:\Program Files\MSN Messenger\msnmsgr.exe”=
“C:\Program Files\MSN Messenger\livecall.exe”=
S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-08-13 17:44]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-08-13 17:44]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-23 20:09]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6f7c9333-2274-11dd-98f2-8db3afff1b03}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6f7c9334-2274-11dd-98f2-8db3afff1b03}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE
.
Contenu du dossier ‘Scheduled Tasks/T?ches planifi?es’
2008-08-18 C:\WINDOWS\Tasks\AA1E8393938138F3.job
- c:\docume~1\herse\applic~1\new4ma~1\Sect Four Mode.exe [2008-08-13 12:36]
2008-08-15 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\HERSE\Application Data\Mozilla\Firefox\Profiles[u]0[/u]1alkuaf.default
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-08-18 16:31:00
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cach?s …
Balayage cach? autostart entries …
Balayage des fichiers cach?s …
Scan termin? avec succ?s
Les fichiers cach?s: 0
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
.
Temps d’accomplissement: 2008-08-18 16:34:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-18 14:34:03
ComboFix2.txt 2008-08-18 14:22:30
ComboFix3.txt 2008-08-16 03:34:20
Pre-Run: 129,791,496,192 octets libres
Post-Run: 129,778,581,504 octets libres
228 — E O F — 2008-08-16 12:07:55
je fait au fur et a mesure tout ce ke l on me dit c koi ke j ai oublier merci