[SOLVED] Error 0xc0000005 + heavily infected computer

 
n°452480
mecsympadu74
Posted on 06-08-2008 at 10:10:23
 

Hello,
 
Yesterday my colleague called me because her Windows (XP) session would no longer open. So I went to have a look, and indeed when you log on, an error message appears: "Inituser.exe - L'application n'a pas réussi à s'initialiser correctement (0xc0000005). Cliquez sur OK pour arrêter l'application". Clicking OK brings the message back again; you have to click a second time for it to go away. The catch is that nothing loads any more: apart from the desktop wallpaper, nothing else appears on screen.
 
I had the idea of opening Task Manager with CTRL + ALT + DELETE and starting a new explorer.exe task. That works, everything reappears, but a string of error messages follows, always with the same message, except that it is no longer Inituser but cmd.exe, rundll32.exe...
 
So I decided to search the Internet for what this might mean, and there I was bombarded with pop-ups and immediately thought "this reeks of spyware". I was right, since after numerous scans with Ad-Aware, Spybot S&D and A2 Squared free, each of these 3 programs found more than a hundred spyware, adware, trojans...  :ouch:  
 
The problem is that even after removing all this cr**, a few pop-ups still come back (especially one for a love test in German, "der blindes test" or something like that)...
 
I ran HijackThis, which found a few nasty lines that I removed, but the problem stays the same: still these pop-ups, and this error message that prevents working properly (impossible to install Firefox, for example (same error as at the start but with setup.exe), or to go into the system settings to disable System Restore, for example (same error as at the start but with Rundll32.exe))...
 
After one last scan with Spybot, it detects the Zango.ShoppingReport spyware but cannot remove it...
 
After searching this forum, I saw that people were referred to this topic.
 
So I started by trying ComboFix, since the person says they solved their problem with this software. But if I follow the steps of that tutorial, at the moment I want to launch ComboFix I still get this damn error coming back with different file names, the first being Rundll32.exe, then cmd.exe, then find.exe, then again Rundll32.exe, cmd.exe and find.exe. Clicking "OK" once more for the last find.exe, this time I get a ComboFix error message telling me "OS incompatible. Combofix ne fonctionne que pour Windows 2000 et XP", even though the infected computer does run Windows XP...
 
Since ComboFix won't work, I decided to try the method described by papyber on the other forum. As for actaris51, SDFix doesn't work, same error as his in safe mode.
 
So I tried the next step, namely eScan Antivirus Toolkit, but when launching it, again it doesn't work: I get an error message saying "Virus Database is older than 30-days!" which invites me to visit the official site to buy the software (http://www.mwti.net/)...
 
So I no longer know what to do, which is why I'm coming to you for help!! The error message I get is surely linked to one of these spyware... But how do I remove it? How do I make this computer clean?
 
Here is the HijackThis log I made this morning:
 

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:41:50, on 06.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sesam\Security\SPISLMGR.exe
C:\Program Files\Sesam\Servers\LicSrv.exe
C:\Program Files\Sesam\Security\SvcCtrl.exe
C:\Program Files\Sesam\Servers\UsrMgmS.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\documents and settings\yd\local settings\application data\bdsmbf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\yd\Mes documents\SetPoint\SetPoint.exe
C:\PVSW\Bin\W3DBSMGR.EXE
C:\Program Files\Sesam\Servers\LicMon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: {eb7a2301-070d-7438-a044-bc39fe2b1064} - {4601b2ef-93cb-440a-8347-d0701032a7be} - C:\WINDOWS\system32\jajvml.dll
O2 - BHO: (no name) - {721DD6AA-A7DC-42BA-8D2F-31B2380A9C46} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [68249cf9] rundll32.exe "C:\WINDOWS\system32\bdfpaqnb.dll",b
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9444] command /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2565] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3851] command /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5969] cmd /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bdsmbf] c:\documents and settings\yd\local settings\application data\bdsmbf.exe bdsmbf
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingD8271] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3491] command /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - Global Startup: SAGE SESAM Service Monitor.lnk = C:\Program Files\Sesam\Servers\LicMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = verifid.ch
O17 - HKLM\Software\..\Telephony: DomainName = verifid.ch
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = verifid.ch
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = verifid.ch
O18 - Protocol: bw+0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: bykkgmkl.dll jajvml.dll
O20 - Winlogon Notify: iifGvSkL - C:\WINDOWS\
O20 - Winlogon Notify: __c0047E27 - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAGE SESAM manager de licence (SESAM Licence Manager) - Sage Sesam Ltd - C:\Program Files\Sesam\Security\SPISLMGR.exe
O23 - Service: SAGE SESAM serveur de licence (SESAM Licence Server) - Sage Sesam Ltd - C:\Program Files\Sesam\Servers\LicSrv.exe
O23 - Service: SAGE SESAM Service Agent (SESAM Service Agent) - Sage Sesam Ltd - C:\Program Files\Sesam\Security\SvcCtrl.exe
O23 - Service: SAGE SESAM server des utilisateurs et des droits (SESAM User Management Server) - Sage Sesam Ltd - C:\Program Files\Sesam\Servers\UsrMgmS.exe
 
--
End of file - 26942 bytes


 
And here is the report of a scan I ran yesterday afternoon with the Kaspersky online antivirus:
 
YouSendIt link containing the Word file of the Kaspersky report
 
Thanks in advance for your replies!! :jap:  
 
Have a good day! :hello:


Message edited by mecsympadu74 on 07-08-2008 at 10:13:11

---------------
Come read all my concert reviews!
 
Visit and vote for my blog about optical illusions!
n°452481
Mr_Jo
Posted on 06-08-2008 at 16:04:31
 

:hello:  
Since you ran a HijackThis scan, to understand it use:
http://www.zebulon.fr/dossiers/43-hijackthis.html
and Google.
Slim down the list of processes at startup:
http://www.malwarebytes.org/startuplite.php
In system help this came up last week
 
 
With HijackThis, fix the O17 and O18 lines
 
The following lines are a problem:
O4 - HKLM\..\RunOnce: [SpybotDeletingC2565] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3851] command /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5969] cmd /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
 
O4 - HKCU\..\RunOnce: [SpybotDeletingD8271] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
 
Try to remove ShoppingReport with MBAM
download:
http://www.malwarebytes.org/mbam.php


Message edited by Mr_Jo on 06-08-2008 at 16:07:29

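
Added example, not part of the thread and not code from HijackThis or Malwarebytes: a small triage pass over a few lines copied from the HijackThis log in the first post, showing how the O2, O4 and O20 sections can be screened for entries worth a closer look. The heuristics and all function names are assumptions of this example; a hit means "review this entry", not "this is malware".

```python
import re

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: {eb7a2301-070d-7438-a044-bc39fe2b1064} - {4601b2ef-93cb-440a-8347-d0701032a7be} - C:\WINDOWS\system32\jajvml.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [68249cf9] rundll32.exe "C:\WINDOWS\system32\bdfpaqnb.dll",b
O4 - HKCU\..\Run: [bdsmbf] c:\documents and settings\yd\local settings\application data\bdsmbf.exe bdsmbf
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: bykkgmkl.dll jajvml.dll
O20 - Winlogon Notify: iifGvSkL - C:\WINDOWS\
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
DLL_RE = re.compile(r"([\w.-]+\.dll)", re.IGNORECASE)


def parse(log_text):
    """Split a HijackThis log into (section code, entry body) pairs."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def check_bho(body):
    """O2: Browser Helper Objects with a missing file or a GUID as name."""
    if body.endswith("(no file)"):
        return "BHO is registered but its file is missing"
    name = body[len("BHO: "):].split(" - ")[0]
    if GUID_RE.fullmatch(name):
        return "BHO shows a GUID instead of a readable name"
    return None


def check_autorun(body):
    """O4: autoruns that load a DLL via rundll32 or start from a profile folder."""
    low = body.lower()
    if "rundll32" in low and ".dll" in low:
        return "autorun loads a DLL through rundll32"
    if "\\local settings\\" in low or "\\application data\\" in low:
        return "autorun target lives in a user profile data folder"
    return None


def check_o20(body):
    """O20: AppInit_DLLs (loaded into every process that loads user32.dll)
    and Winlogon Notify entries that do not name a DLL."""
    if body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        if dlls:
            return "AppInit_DLLs is not empty: " + ", ".join(dlls)
    if body.startswith("Winlogon Notify:"):
        target = body.rsplit(" - ", 1)[-1]
        if not target.lower().endswith(".dll"):
            return "Winlogon Notify entry does not name a DLL"
    return None


CHECKS = {"O2": check_bho, "O4": check_autorun, "O20": check_o20}


def triage(log_text):
    """Return (code, reason, body) for every entry a heuristic flags."""
    findings = []
    for code, body in parse(log_text):
        check = CHECKS.get(code)
        reason = check(body) if check else None
        if reason:
            findings.append((code, reason, body))
    return findings


def repeated_dlls(findings):
    """DLL names that show up in flagged entries of more than one section."""
    seen = {}
    for code, _reason, body in findings:
        for dll in {d.lower() for d in DLL_RE.findall(body)}:
            seen.setdefault(dll, set()).add(code)
    return {dll: sorted(codes) for dll, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for code, reason, body in results:
        print(f"[{code}] {reason}\n      {body}")
    print("Same DLL in several sections:", repeated_dlls(results))
```

A DLL that is flagged in more than one persistence section is a good first candidate to look up or hand to a removal tool.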
n°452483
mecsympadu74
Posted on 06-08-2008 at 16:26:23
 

OK thanks, HijackThis is done, and now I'm running a full scan with Malwarebytes'.
 
I'll keep you posted!


n°452484
mecsympadu74
Posted on 06-08-2008 at 20:22:21


Your software is excellent!! It detected lots of stuff, removed everything (a restart was needed, though) and apparently that fixed the 0xc0000005 error!

I didn't have time to see whether there were still pop-ups, I'll check tomorrow, but I think it should be all good!

For info, here is the scan result:


Quote:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1028
Windows 5.1.2600 Service Pack 2
 
17:28:15 06.08.2008
mbam-log-8-6-2008 (17-27-30).txt
 
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 110366
Temps écoulé: 26 minute(s), 6 second(s)
 
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 54
 
Processus mémoire infecté(s):
C:\documents and settings\yd\local settings\application data\bdsmbf.exe (Adware.Navipromo) -> No action taken.
 
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jajvml.dll (Trojan.Vundo) -> No action taken.
 
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4601b2ef-93cb-440a-8347-d0701032a7be} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4601b2ef-93cb-440a-8347-d0701032a7be} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3 (Adware.Zango) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0047e27 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
 
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68249cf9 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> No action taken.
 
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
 
Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.0.24 (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\yd\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\yd\Application Data\ShoppingReport\Application Data (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\yd\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\yd (Adware.Shopping.Report) -> No action taken.
 
Fichier(s) infecté(s):
C:\WINDOWS\system32\jajvml.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bdfpaqnb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bnqapfdb.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\kabruuty.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ytuurbak.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\qlhatxmv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vmxtahlq.ini (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\yd\Local Settings\Application Data\bdsmbf_navps.dat (Adware.Navipromo) -> No action taken.
C:\Documents and Settings\yd\Local Settings\Application Data\bdsmbf_nav.dat (Adware.Navipromo) -> No action taken.
C:\Documents and Settings\yd\Local Settings\Application Data\bdsmbf.dat (Adware.Navipromo) -> No action taken.
C:\Documents and Settings\yd\Local Settings\Application Data\bdsmbf.exe (Adware.Navipromo) -> No action taken.
C:\Documents and Settings\mc\Local Settings\Temp\puirmcgl.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mc\Local Settings\Temporary Internet Files\Content.IE5\JLY4HE6R\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP244\A0023389..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP262\A0025062..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP263\A0025161..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP265\A0025379..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP265\A0025446..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP266\A0025515..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP267\A0025589..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP271\A0025934..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP271\A0025935..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP271\A0025958..DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP271\A0025978..EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP271\A0025980..EXE (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027060..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027064..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027065..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027066..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027067..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027068..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027069..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027070..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027071..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027072..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027073..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027074..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027075..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027076..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027077..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027078..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP272\A0027062..dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\armouchg.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ejvduhlh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hbmfma.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lnloieet.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rdwvykqh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\turpza.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\BM6b17af65.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM6b17af65.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.


 
It's really impressive, all the cr*** she caught! I can't get over it... I really don't know where she's been hanging around to pick up all that...

On the other hand, there's now a small bug... When Spybot detected something but couldn't remove it, it offered to restart the computer and to run at startup in order to be more effective. The thing is, once I had done that, it ran at every restart!

So I uninstalled it, but now I get an error message saying that C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe cannot be found...

I looked in msconfig to see whether it was set to run at startup, but I didn't see anything...

How do I fix this problem? Clean the registry (I haven't had time to do that tonight either)?

Anyway, thanks!!  :jap:


Message edited by mecsympadu74 on 06-08-2008 at 20:23:38

n°452485
Mr_Jo
Posted on 07-08-2008 at 09:34:02


:hello:
I hope you clicked "Supprimer la sélection" (Remove Selected).
For more safety, run another scan in safe mode:
http://www.infos-du-net.com/forum/ [...] lware-mbam

Did you run CCleaner again to try to fix your Spybot problem?
And StartUpLite?
If not, post the problem in: Aide système (System Help)


Message edited by Mr_Jo on 07-08-2008 at 09:36:56

---------------
[:mr_jo]
n°452487
mecsympadu74
Posted on 07-08-2008 at 10:12:47


Yes, yes, it's all good, I ran CCleaner and StartUpLite this morning and everything is fine. Apparently nothing more to report!

I'm marking this topic as resolved ;)

Thanks again for your very useful help!

Have a nice day!


n°452488
Mr_Jo
Posted on 07-08-2008 at 11:06:31


Judging by your Kaspersky scan, I don't think MBAM is enough.
As you can see, the infected lines are flagged and located in the temporary folders, except for the DLLs.
I don't have synthexe's rigour to advise you,
but you can try in safe mode.
You need to empty the Temporary Internet Files and Temp folders with ATF-Cleaner and check inside the folders.
From the menu at the top of a folder window: Tools / Folder Options / View / tick "Show hidden files and folders" and, to see Temporary Internet Files, just below, untick:
"Hide protected operating system files" (reverse this afterwards)
C:\Documents and Settings\<folder named after the admin user>\Local Settings
Don't forget to purge System Restore.
Right-click My Computer / System Restore tab, tick:
"Turn off System Restore on all drives"; once the window has closed, click again and re-enable System Restore; a new restore point is created.
Virtumonde is tough: http://www.site-naheulbeuk.com/vundo.php

Afterwards, run another online scan with Kaspersky to see whether anything is left.
 
 


---------------
[:mr_jo]
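Added example (not part of the thread and not Malwarebytes code): a small Python parser for the Malwarebytes' log format quoted above. It groups detections by where they sit and maps each group to the follow-up steps listed in the post above (safe-mode rescan, emptying the temp folders, purging System Restore). The location labels, function names and the shortened `SAMPLE_LOG` excerpt are choices of this example.

```python
import re
from collections import Counter, namedtuple

# Shortened excerpt of the Malwarebytes' log quoted in the thread (lines copied as posted).
SAMPLE_LOG = r"""
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4601b2ef-93cb-440a-8347-d0701032a7be} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0047e27 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68249cf9 (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32341e7e-c319-46de-91d0-e30bb1a3caba} (Trojan.Vundo) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\jajvml.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mc\Local Settings\Temp\puirmcgl.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\mc\Local Settings\Temporary Internet Files\Content.IE5\JLY4HE6R\kb456456[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP244\A0023389..dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP271\A0025958..DLL (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
"""

Detection = namedtuple("Detection", "section item family action location")

# "<item> (<family>) -> <action>"; the greedy item keeps paths that contain brackets intact.
LINE_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# (label, lowercase path fragments), checked in order. Labels are this example's own.
LOCATION_RULES = [
    ("system-restore snapshot", (r"\system volume information\_restore",)),
    ("temp/cache", (r"\local settings\temp", r"\temporary internet files")),
    ("autostart registry", (r"\currentversion\run", r"\browser helper objects",
                            r"\winlogon\notify", r"\shellexecutehooks")),
    ("system32", (r"\windows\system32",)),
]


def classify(item):
    """Return the location label for a registry key or file path."""
    low = item.lower()
    for label, fragments in LOCATION_RULES:
        if any(fragment in low for fragment in fragments):
            return label
    return "registry trace" if low.startswith("hkey_") else "other file"


def parse_detections(text):
    """Parse detection lines, remembering the section header each one appeared under."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if match:
            found.append(Detection(section, match["item"], match["family"],
                                   match["action"], classify(match["item"])))
        elif line.endswith(":"):
            section = line[:-1]  # e.g. "Fichier(s) infecté(s)"
    return found


def tally(detections, field):
    """Count detections by one field, e.g. 'family' or 'location'."""
    return Counter(getattr(d, field) for d in detections)


def follow_up(detections):
    """Map what the log shows to the follow-up steps given in the thread."""
    by_location = tally(detections, "location")
    steps = []
    if any(d.action.startswith("No action taken") for d in detections):
        steps.append("entries still marked 'No action taken': confirm "
                     "'Supprimer la sélection' (Remove Selected) was run")
    if by_location["autostart registry"] or by_location["system32"]:
        steps.append("rescan in safe mode")
    if by_location["temp/cache"]:
        steps.append("empty Temp and Temporary Internet Files")
    if by_location["system-restore snapshot"]:
        steps.append("purge System Restore (disable, then re-enable)")
    return steps


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_LOG)
    for location, count in tally(detections, "location").most_common():
        print(f"{count:3d}  {location}")
    for family, count in tally(detections, "family").most_common():
        print(f"{count:3d}  {family}")
    for step in follow_up(detections):
        print("->", step)
```

Run against the full log saved by the scanner, the same tally shows how many of the flagged files are only copies held in System Restore snapshots and how many sit in live autostart locations.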
n°452489
mecsympadu74
Posted on 07-08-2008 at 15:36:08


I had emptied everything with CCleaner, Internet Explorer, plus a search for files or folders matching *tmp, everything that counted as temporary files. As for System Restore, I did that as well.

I'll run another online scan with Kaspersky then, to be sure, but in any case there are no more pop-ups or error messages, so MBAM did its job well ;)


Message edited by mecsympadu74 on 07-08-2008 at 15:37:14

n°452506
synthexe
Anti-Malware Power
Posted on 12-08-2008 at 18:51:46


Hello to both of you :hello:

Is everything really resolved?? (I'm asking because Vundo is really very clingy, even though MBAM works very well on it.)

Could you run a quick DSS as requested in the pre-cleaning procedure.

Have a good evening. ;)


---------------
¤¤ Kaspersky WebScanner ¤¤¤¤¤¤¤ AVG AntiSpyware ¤¤
¤¤¤¤¤¤ CCleaner ¤¤¤¤¤¤
n°452508
mecsympadu74
Posted on 12-08-2008 at 20:05:31


Hi!

Whether everything is resolved I don't know, but in any case the bulk of the problem is: no more error message that kept us from working, no more pop-ups opening all the time...

But I'll still run your DSS if I manage to find a moment (that's not what I was hired for in the first place!)...

In the meantime I found another PC under attack (these colleagues, you really wonder what they get up to?!)... Well, less so than this one (I had honestly never seen one as infected as that!), there are no pop-ups or error messages, but the computer was using a huge amount of bandwidth (190 when we usually run at around 30! I dare not imagine what the one in this topic was at...) just by being switched on, without anyone even using it...

And indeed, after scans with Ad-Aware, Spybot, A2, HijackThis, MBAM (now that I know that one I'll use it every time, given the good job it did!), several infections were found... but there was no particular difficulty removing any of them.

I don't know whether I removed everything, but it already seems to be doing better and the last scan I ran found almost nothing... On the other hand, there's a problem with IE, it stays stuck loading the home page, I don't know whether that's related... then again that's no bad thing, this way the guy uses Firefox or Opera

I'll also run a DSS on this PC (what is this DSS, by the way?) and I'll let your expert eyes tell me whether everything is fine ;)

Have a good evening!


Message edited by mecsympadu74 on 12-08-2008 at 20:12:06

n°452513
mecsympadu74
Posted on 13-08-2008 at 11:14:54


Hello!

Here is the DSS report. By the way, the link given in the cleaning procedure to download it no longer works ;) You land on a 404 error.

Here is the content of the main.txt file:


Quote:

Deckard's System Scanner v20071014.68
Run by yd on 2008-08-13 11:12:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------
 
-- System Restore --------------------------------------------------------------
 
Successfully created a Deckard's System Scanner Restore Point.
 
 
-- Last 5 Restore Point(s) --
6: 2008-08-13 09:12:48 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-08-11 07:48:15 UTC - RP5 - Point de vérification système
4: 2008-08-07 07:32:49 UTC - RP4 - Avira AntiVir Personal - 07.08.2008 09:32
3: 2008-08-07 07:30:49 UTC - RP3 - Supprimé McAfee VirusScan Enterprise
2: 2008-08-07 07:19:44 UTC - RP2 - Pilote d'imprimante Microsoft Office Document Image Wr installé
 
 
-- First Restore Point --  
1: 2008-08-06 15:37:58 UTC - RP1 - Point de vérification système
 
 
Backed up registry hives.
Performed disk cleanup.
 
 
 
-- HijackThis (run as yd.exe) --------------------------------------------------
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:42, on 13.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sesam\Security\SPISLMGR.exe
C:\Program Files\Sesam\Servers\LicSrv.exe
C:\Program Files\Sesam\Security\SvcCtrl.exe
C:\Program Files\Sesam\Servers\UsrMgmS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\yd\Mes documents\SetPoint\SetPoint.exe
C:\PVSW\Bin\W3DBSMGR.EXE
C:\Program Files\Sesam\Servers\LicMon.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\yd\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\yd.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.ch/0SEFRCH/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - (no file)
O2 - BHO: (no name) - {4601b2ef-93cb-440a-8347-d0701032a7be} - (no file)
O2 - BHO: (no name) - {721DD6AA-A7DC-42BA-8D2F-31B2380A9C46} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SDMSSplash] "C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" "launchdir=C:\Program Files\HP_SDMS\SDMSSplash"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
O4 - Global Startup: SAGE SESAM Service Monitor.lnk = C:\Program Files\Sesam\Servers\LicMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = verifid.ch
O17 - HKLM\Software\..\Telephony: DomainName = verifid.ch
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = verifid.ch
O18 - Protocol: bw+0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A8779599-10EA-415D-B253-EA867190ADAB} - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: bykkgmkl.dll jajvml.dll
O20 - Winlogon Notify: iifGvSkL - C:\WINDOWS\
O20 - Winlogon Notify: __c0047E27 - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAGE SESAM manager de licence (SESAM Licence Manager) - Sage Sesam Ltd - C:\Program Files\Sesam\Security\SPISLMGR.exe
O23 - Service: SAGE SESAM serveur de licence (SESAM Licence Server) - Sage Sesam Ltd - C:\Program Files\Sesam\Servers\LicSrv.exe
O23 - Service: SAGE SESAM Service Agent (SESAM Service Agent) - Sage Sesam Ltd - C:\Program Files\Sesam\Security\SvcCtrl.exe
O23 - Service: SAGE SESAM server des utilisateurs et des droits (SESAM User Management Server) - Sage Sesam Ltd - C:\Program Files\Sesam\Servers\UsrMgmS.exe
 
--
End of file - 24388 bytes
 
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
 
backup-20080805-141047-631 O20 - Winlogon Notify: __c0047E27 - C:\WINDOWS\system32\__c0047E27.dat (file missing)
backup-20080805-141047-633 O4 - HKCU\..\RunOnce: [SpybotDeletingB6829] command /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080805-141047-663 O4 - HKLM\..\RunOnce: [SpybotDeletingA9444] command /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080805-141047-761 O20 - Winlogon Notify: iifGvSkL - iifGvSkL.dll (file missing)
backup-20080805-141047-768 O8 - Extra context menu item: &Search - ?p=ZCxdm490YYCH
backup-20080805-141047-779 O2 - BHO: (no name) - {32341E7E-C319-46DE-91D0-E30BB1A3CABA} - C:\WINDOWS\system32\iifGvSkL.dll (file missing)
backup-20080805-141047-873 O4 - HKLM\..\RunOnce: [SpybotDeletingC2565] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080805-141047-883 O2 - BHO: (no name) - {721DD6AA-A7DC-42BA-8D2F-31B2380A9C46} - C:\WINDOWS\system32\xxyAssSL.dll (file missing)
backup-20080805-141047-900 O4 - HKCU\..\RunOnce: [SpybotDeletingD8271] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080806-163843-175 O4 - HKLM\..\RunOnce: [SpybotDeletingC2565] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080806-163843-452 O4 - HKCU\..\RunOnce: [SpybotDeletingD8271] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080806-163843-609 O4 - HKLM\..\RunOnce: [SpybotDeletingA3851] command /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
backup-20080806-164045-304 O4 - HKLM\..\RunOnce: [SpybotDeletingA3851] command /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
backup-20080806-164045-419 O4 - HKLM\..\RunOnce: [SpybotDeletingC2565] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080806-164045-571 O4 - HKCU\..\RunOnce: [SpybotDeletingD8271] cmd /c del "C:\Documents and Settings\yd\Application Data\ShoppingReport\cs\dwld\WhiteList.xip"
backup-20080806-164045-605 O4 - HKLM\..\RunOnce: [SpybotDeletingC5969] cmd /c del "C:\WINDOWS\system32\xxyAssSL.dll_old"
 
-- File Associations -----------------------------------------------------------
 
.reg - regfile - shell\open\command - regedit.exe "%1" %*
 
 
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
 
All drivers whitelisted.
 
 
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
 
R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 SESAM Licence Manager (SAGE SESAM manager de licence) - c:\program files\sesam\security\spislmgr.exe <Not Verified; Sage Sesam Ltd; Licence Manager>
R2 SESAM Licence Server (SAGE SESAM serveur de licence) - c:\program files\sesam\servers\licsrv.exe <Not Verified; Sage Sesam Ltd; SAGE SESAM Licence Server>
R2 SESAM Service Agent (SAGE SESAM Service Agent) - c:\program files\sesam\security\svcctrl.exe <Not Verified; Sage Sesam Ltd; Service Agent>
R2 SESAM User Management Server (SAGE SESAM server des utilisateurs et des droits) - c:\program files\sesam\servers\usrmgms.exe <Not Verified; Sage Sesam Ltd; UsrMgmS Module>
 
S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>
 
 
-- Device Manager: Disabled ----------------------------------------------------
 
No disabled devices found.
 
 
-- Scheduled Tasks -------------------------------------------------------------
 
2008-08-13 10:49:00       256 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2008-08-13 08:20:00       432 --a------ C:\WINDOWS\Tasks\RegCure Program Check.job
2008-08-11 18:24:08       300 --a------ C:\WINDOWS\Tasks\WebReg .job
2008-06-05 14:07:55       366 --a------ C:\WINDOWS\Tasks\RegCure.job
 
 
-- Files created between 2008-07-13 and 2008-08-13 -----------------------------
 
2008-08-13 11:12:39         0 d-------- U:\Deckard
2008-08-12 08:14:25    118784 --a------ C:\WINDOWS\system32\chg.exe <Not Verified; SoftThinks; Launch>
2008-08-07 09:33:03         0 d-------- C:\Program Files\Avira
2008-08-07 09:33:03         0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-07 09:07:48         0 --a------ C:\WINDOWS\nsreg.dat
2008-08-07 09:07:46         0 d-------- C:\Documents and Settings\yd\Application Data\Mozilla
2008-08-06 17:38:58         0 d-------- C:\WINDOWS\pss
2008-08-06 16:42:10         0 d-------- C:\Documents and Settings\yd\Application Data\Malwarebytes
2008-08-06 16:42:06         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 16:42:06         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 15:54:59         0 dr-h----- C:\Documents and Settings\yd\Recent
2008-08-05 15:51:50         0 d-------- C:\Program Files\CCleaner
2008-08-05 15:31:50         0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-05 15:25:52         0 d-------- C:\Program Files\RegCleaner
2008-08-05 14:11:36         0 d-------- C:\Program Files\a-squared Free
2008-08-05 13:57:41         0 d-------- C:\Program Files\Trend Micro
2008-08-05 10:11:20         0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-05 09:28:35         0 d-------- C:\Program Files\Lavasoft
2008-08-05 09:28:33         0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 09:23:32         0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-30 11:27:08     94720 --a------ C:\WINDOWS\system32\ukbpki.dll
2008-07-30 11:27:06     94720 --a------ C:\WINDOWS\system32\cnlpqudd.dll
2008-07-29 11:24:21     95232 --a------ C:\WINDOWS\system32\zaognq.dll
2008-07-29 11:24:19     95232 --a------ C:\WINDOWS\system32\qnbknejw.dll
2008-07-28 10:18:37         0 d-------- C:\Documents and Settings\pc\Application Data\InstallShield
2008-07-28 10:18:37         0 d-------- C:\Documents and Settings\pc\Application Data\Identities
2008-07-28 10:18:36         0 d--h----- C:\Documents and Settings\pc\Voisinage réseau
2008-07-28 10:18:36         0 d--h----- C:\Documents and Settings\pc\Voisinage d'impression
2008-07-28 10:18:36         0 dr-h----- C:\Documents and Settings\pc\SendTo
2008-07-28 10:18:36         0 dr-h----- C:\Documents and Settings\pc\Recent
2008-07-28 10:18:36   3407872 --ah----- C:\Documents and Settings\pc\NTUSER.DAT
2008-07-28 10:18:36         0 d--h----- C:\Documents and Settings\pc\Modèles
2008-07-28 10:18:36         0 dr------- C:\Documents and Settings\pc\Mes documents
2008-07-28 10:18:36         0 dr------- C:\Documents and Settings\pc\Menu Démarrer
2008-07-28 10:18:36         0 d--h----- C:\Documents and Settings\pc\Local Settings
2008-07-28 10:18:36         0 dr------- C:\Documents and Settings\pc\Favoris
2008-07-28 10:18:36         0 d--hs---- C:\Documents and Settings\pc\Cookies
2008-07-28 10:18:36         0 d-------- C:\Documents and Settings\pc\Bureau
2008-07-28 10:18:36         0 dr-h----- C:\Documents and Settings\pc\Application Data
2008-07-28 10:18:36         0 d-------- C:\Documents and Settings\pc\Application Data\Symantec
2008-07-28 10:18:36         0 d-------- C:\Documents and Settings\pc\Application Data\SampleView
2008-07-28 10:18:36         0 d---s---- C:\Documents and Settings\pc\Application Data\Microsoft
2008-07-28 10:07:17         0 d-------- C:\Documents and Settings\mc\Application Data\Identities
2008-07-28 10:07:16         0 d-------- C:\Documents and Settings\mc\Application Data\InstallShield
2008-07-28 10:07:15         0 dr------- C:\Documents and Settings\mc\Favoris
2008-07-28 10:07:15         0 d--hs---- C:\Documents and Settings\mc\Cookies
2008-07-28 10:07:15         0 d-------- C:\Documents and Settings\mc\Bureau
2008-07-28 10:07:15         0 dr-h----- C:\Documents and Settings\mc\Application Data
2008-07-28 10:07:15         0 d-------- C:\Documents and Settings\mc\Application Data\Symantec
2008-07-28 10:07:15         0 d-------- C:\Documents and Settings\mc\Application Data\SampleView
2008-07-28 10:07:15         0 d---s---- C:\Documents and Settings\mc\Application Data\Microsoft
2008-07-28 10:07:14         0 d--h----- C:\Documents and Settings\mc\Local Settings
2008-07-28 10:07:13         0 d--h----- C:\Documents and Settings\mc\Voisinage réseau
2008-07-28 10:07:13         0 d--h----- C:\Documents and Settings\mc\Voisinage d'impression
2008-07-28 10:07:13         0 dr-h----- C:\Documents and Settings\mc\SendTo
2008-07-28 10:07:13         0 dr-h----- C:\Documents and Settings\mc\Recent
2008-07-28 10:07:13         0 d--h----- C:\Documents and Settings\mc\Modèles
2008-07-28 10:07:13         0 dr------- C:\Documents and Settings\mc\Mes documents
2008-07-28 10:07:13         0 dr------- C:\Documents and Settings\mc\Menu Démarrer
2008-07-28 10:07:12   3407872 --ah----- C:\Documents and Settings\mc\NTUSER.DAT
2008-07-25 08:33:26     94208 --a------ C:\WINDOWS\system32\kbffyj.dll
2008-07-25 08:33:19     94208 --a------ C:\WINDOWS\system32\kphsrckv.dll
2008-07-24 08:32:01     96768 --a------ C:\WINDOWS\system32\wmwjdd.dll
2008-07-24 08:31:58     96768 --a------ C:\WINDOWS\system32\kjetqvbk.dll
2008-07-23 08:29:53     96256 --a------ C:\WINDOWS\system32\nvdouc.dll
2008-07-23 08:29:45     96256 --a------ C:\WINDOWS\system32\xjbldefu.dll
 
 
-- Find3M Report ---------------------------------------------------------------
 
2008-08-13 08:23:56    448484 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-08-13 08:23:55     65042 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-08-13 08:20:48         0 d-------- C:\Documents and Settings\yd\Application Data\OpenOffice.org2
2008-08-07 09:32:17         0 d-------- C:\Program Files\Fichiers communs
2008-08-05 10:28:34      1755 --ahs---- C:\WINDOWS\system32\LSssAyxx.ini2
2008-08-05 09:27:41         0 d-------- C:\Program Files\Java
2008-07-21 12:13:15         0 d-------- C:\Program Files\GeTaxPM2007
 
 
-- Registry Dump ---------------------------------------------------------------
 
*Note* empty entries & legit default entries are not shown
 
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32341E7E-C319-46DE-91D0-E30BB1A3CABA}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4601b2ef-93cb-440a-8347-d0701032a7be}]
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{721DD6AA-A7DC-42BA-8D2F-31B2380A9C46}]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [07.01.2005 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [04.07.2006 17:26 C:\WINDOWS\RTHDCPL.exe]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [13.04.2007 09:44]
"SDMSSplash"="C:\Program Files\HP_SDMS\SDMSSplash\launcher.exe" [10.03.2006 01:53]
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" [20.11.2003 20:01]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [12.05.2006 12:50]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [24.04.2006 10:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10.06.2008 04:27]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [23.01.2007 15:44 C:\WINDOWS\KHALMNPR.Exe]
"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [17.01.2006 14:12]
"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [23.01.2007 15:44 C:\WINDOWS\KHALMNPR.Exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [07.08.2008 09:38]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06.07.2007 08:10]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18.10.2007 12:34]
"LDM"="C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [07.08.2007 10:47]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02.03.2006 04:00]
 
C:\Documents and Settings\yd\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [02.02.2007 16:54:56]
 
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.04.2008 03:38:16]
Logitech Desktop Messenger.lnk - C:\Documents and Settings\yd\Mes documents\Desktop Messenger\8876480\Program\LDMConf.exe [07.08.2007 10:47:11]
Logitech SetPoint.lnk - C:\Documents and Settings\yd\Mes documents\SetPoint\SetPoint.exe [17.09.2007 09:19:09]
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\Bin\W3DBSMGR.EXE [16.05.2007 17:11:15]
SAGE SESAM Service Monitor.lnk - C:\Program Files\Sesam\Servers\LicMon.exe [27.07.2004 14:19:36]
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifGvSkL]  
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0047E27]  
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=bykkgmkl.dll jajvml.dll
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxyAssSL
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
 
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Veadmin#Data]
AutoRun\command- setup.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##Veadmin#PGM]
AutoRun\command- setup.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
 
 
 
 
-- Hosts -----------------------------------------------------------------------
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
 
8940 more entries in hosts file.
 
 
-- End of Deckard's System Scanner: finished at 2008-08-13 11:14:05 ------------


 
I'm posting the contents of extra.txt in another post, because apparently there isn't enough room here to include everything.


Message edited by mecsympadu74 on 13-08-2008 at 11:23:29

n°452514
mecsympadu74
Posted on 13-08-2008 at 11:24:01
 

And now extra.txt, as planned:
 

Quote:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
 
-- System Information ----------------------------------------------------------
 
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
 
CPU 0: Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz
CPU 1: Intel(R) Core(TM)2 CPU          6300  @ 1.86GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1015.23 MiB / 599.29 MiB
Pagefile Memory (total/avail): 2442.5 MiB / 2069.16 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.85 MiB
 
C: is Fixed (NTFS) - 139.03 GiB total, 126.91 GiB free.  
D: is Fixed (NTFS) - 10 GiB total, 8.34 GiB free.  
E: is CDROM (CDFS)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
P: is Network (NTFS)
U: is Network (NTFS)
Y: is Network (NTFS)
Z: is Network (NTFS)
 
\\.\PHYSICALDRIVE0 - ST3160812AS - 149.05 GiB - 2 partitions
  \PARTITION0 (bootable) - Système de fichiers installable - 139.03 GiB - C:
  \PARTITION1 - Système de fichiers installable - 10 GiB - D:
 
\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device
 
\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device
 
\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device
 
\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device
 
 
 
-- Security Center -------------------------------------------------------------
 
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
 
FirstRunDisabled is set.
 
AV: Avira AntiVir PersonalEdition v8.0.1.26 (Avira GmbH) Disabled
 
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PVSW\\Bin\\W3DBSMGR.EXE"="C:\\PVSW\\Bin\\W3DBSMGR.EXE:*:Enabled:Database Service Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\yd\\Mes documents\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Documents and Settings\\yd\\Mes documents\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:Framework Service"
"C:\\Kaspersky\\kavupd.exe"="C:\\Kaspersky\\kavupd.exe:*:Disabled:kavupd"
 
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\yd\\Mes documents\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Documents and Settings\\yd\\Mes documents\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\PVSW\\Bin\\W3DBSMGR.EXE"="C:\\PVSW\\Bin\\W3DBSMGR.EXE:*:Enabled:Database Service Manager"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
 
 
-- Environment Variables -------------------------------------------------------
 
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\yd\Application Data
CLASSPATH=C:\PVSW\BIN\PVJDBC2X.JAR;C:\PVSW\BIN\PVJDBC2.JAR
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=HP15915379810
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=U:
HOMEPATH=\
HOMESHARE=\\veadmin\users$\yd
LOGONSERVER=\\VEADMIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PVSW\BIN;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\yd\LOCALS~1\Temp
TMP=C:\DOCUME~1\yd\LOCALS~1\Temp
USERDNSDOMAIN=VERIFID.CH
USERDOMAIN=VERIFID
USERNAME=yd
USERPROFILE=C:\Documents and Settings\yd
VSL=C:\PVSW\BIN
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI  
 
 
-- User Profiles ---------------------------------------------------------------
 
Administrateur (admin)
mb
mc
pc (new local, net ready)
yd (admin)
stb
 
 
-- Add/Remove Programs ---------------------------------------------------------
 
 --> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins000.exe"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Barre d'outils Outlook de Windows Live (Wi