
Unwanted advertising page

1 November 2008 20:14:34

Good evening everyone, here is my problem.
For some time now, unwanted ad windows have been popping up when I start the internet. Having very little idea where the problem might come from, I generated a HijackThis report; here it is:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:27, on 01/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\robin\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [a43d6a30] rundll32.exe "C:\WINDOWS\system32\xcxlshuh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Settings second] C:\DOCUME~1\robin\APPLIC~1\EACHSU~1\Active mfcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O20 - AppInit_DLLs: sivqdq.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 5800 bytes



Thanks in advance for guiding me so I can get rid of these ads.

1 November 2008 20:16:42

Hi,

Lop and Vundo.

  • Download Lop S&D to your Desktop.
  • Double-click it to start the installation.
  • Then double-click the Lop S&D shortcut on your Desktop.
  • Select the language you want, then choose option 1 (Recherche, i.e. Search).
  • Wait until the scan finishes.
  • Post the generated report (C:\lopR.txt).
    1 November 2008 21:11:16

    Hello,

    Posting to follow.

    ;) 
    1 November 2008 22:22:03

    Here is the report:



    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
    BIOS : Default System BIOS
    USER : robin ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:189 Go (Free:180 Go)
    H:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 01/11/2008|20:45 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [10/08/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
    [10/10/2008|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [28/10/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [14/09/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
    [18/10/2008|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New
    [17/08/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [10/08/2008|19:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [10/08/2008|19:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [11/08/2008|17:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

    [19/10/2008|17:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\each support bird
    [19/10/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
    [10/08/2008|19:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [11/08/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

    [11/08/2008|19:04] C:\DOCUME~1\robin\APPLIC~1\Adobe
    [10/08/2008|19:15] C:\DOCUME~1\robin\APPLIC~1\Bitdefender
    [28/09/2008|14:31] C:\DOCUME~1\robin\APPLIC~1\dvdcss
    [18/10/2008|08:17] C:\DOCUME~1\robin\APPLIC~1\each support bird
    [10/08/2008|19:11] C:\DOCUME~1\robin\APPLIC~1\Identities
    [11/08/2008|15:33] C:\DOCUME~1\robin\APPLIC~1\InterTrust
    [11/08/2008|18:26] C:\DOCUME~1\robin\APPLIC~1\Macromedia
    [12/10/2008|20:49] C:\DOCUME~1\robin\APPLIC~1\Microsoft
    [25/10/2008|23:51] C:\DOCUME~1\robin\APPLIC~1\mIRC
    [28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Mozilla
    [19/08/2008|09:31] C:\DOCUME~1\robin\APPLIC~1\RayV
    [11/08/2008|17:01] C:\DOCUME~1\robin\APPLIC~1\Talkback
    [27/10/2008|09:41] C:\DOCUME~1\robin\APPLIC~1\teamspeak2
    [28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Thunderbird
    [18/08/2008|21:17] C:\DOCUME~1\robin\APPLIC~1\vlc
    [23/08/2008|21:20] C:\DOCUME~1\robin\APPLIC~1\WinRAR
    [01/11/2008|19:15] C:\DOCUME~1\robin\APPLIC~1\Xfire

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [01/11/2008 20:00][--ah-----] C:\WINDOWS\tasks\AB38D74E918B4D5E.job
    [01/11/2008 19:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    ( AB38D74E918B4D5E.job )=( c:\docume~1\robin\applic~1\eachsu~1\LoveDrvView.exe )

    --------------------\\ Listing des dossiers dans C:\Program Files

    [11/08/2008|15:33] C:\Program Files\Adobe
    [10/08/2008|19:14] C:\Program Files\BitDefender
    [11/08/2008|15:36] C:\Program Files\CardReader2.0
    [28/10/2008|01:10] C:\Program Files\Circle Developement
    [11/08/2008|15:52] C:\Program Files\Common Files
    [10/08/2008|18:57] C:\Program Files\ComPlus Applications
    [11/08/2008|15:27] C:\Program Files\D-Link
    [14/10/2008|17:48] C:\Program Files\Dofus
    [18/10/2008|08:16] C:\Program Files\each support bird
    [17/08/2008|20:32] C:\Program Files\Fichiers communs
    [11/08/2008|15:55] C:\Program Files\InstallShield Installation Information
    [12/10/2008|14:30] C:\Program Files\Internet Explorer
    [10/09/2008|15:01] C:\Program Files\Messenger
    [10/10/2008|22:31] C:\Program Files\Messenger Plus! Live
    [10/09/2008|15:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [10/08/2008|19:02] C:\Program Files\microsoft frontpage
    [25/10/2008|23:44] C:\Program Files\mIRC
    [10/08/2008|18:58] C:\Program Files\Movie Maker
    [01/11/2008|20:05] C:\Program Files\Mozilla Firefox
    [19/10/2008|18:07] C:\Program Files\Mozilla Thunderbird
    [11/08/2008|18:37] C:\Program Files\MSN
    [10/08/2008|18:56] C:\Program Files\MSN Gaming Zone
    [11/08/2008|18:46] C:\Program Files\MSN Toolbar
    [10/08/2008|18:59] C:\Program Files\NetMeeting
    [10/08/2008|18:56] C:\Program Files\Online Services
    [10/08/2008|18:59] C:\Program Files\Outlook Express
    [11/08/2008|18:26] C:\Program Files\RayV
    [10/08/2008|19:00] C:\Program Files\Services en ligne
    [11/08/2008|15:55] C:\Program Files\Sony
    [01/11/2008|19:13] C:\Program Files\Steam
    [11/08/2008|17:08] C:\Program Files\Teamspeak2_RC2
    [28/10/2008|00:46] C:\Program Files\TeamSpeak3
    [10/08/2008|19:11] C:\Program Files\Uninstall Information
    [11/08/2008|18:28] C:\Program Files\VideoLAN
    [17/10/2008|22:01] C:\Program Files\Wakfu
    [17/08/2008|20:33] C:\Program Files\Windows Live
    [24/10/2008|19:22] C:\Program Files\Windows Media Connect 2
    [25/10/2008|09:17] C:\Program Files\Windows Media Player
    [10/08/2008|18:56] C:\Program Files\Windows NT
    [10/08/2008|19:00] C:\Program Files\WindowsUpdate
    [23/08/2008|21:20] C:\Program Files\WinRAR
    [27/10/2008|22:49] C:\Program Files\Wolfenstein - Enemy Territory
    [10/08/2008|19:02] C:\Program Files\xerox
    [01/11/2008|19:15] C:\Program Files\Xfire

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [11/08/2008|15:34] C:\Program Files\Fichiers communs\Adobe
    [10/08/2008|19:15] C:\Program Files\Fichiers communs\BitDefender
    [11/08/2008|15:55] C:\Program Files\Fichiers communs\InstallShield
    [17/08/2008|20:33] C:\Program Files\Fichiers communs\Microsoft Shared
    [10/08/2008|18:59] C:\Program Files\Fichiers communs\MSSoap
    [10/08/2008|20:47] C:\Program Files\Fichiers communs\ODBC
    [10/08/2008|18:59] C:\Program Files\Fichiers communs\Services
    [11/08/2008|15:55] C:\Program Files\Fichiers communs\Sony Shared
    [10/08/2008|20:47] C:\Program Files\Fichiers communs\SpeechEngines
    [10/08/2008|18:58] C:\Program Files\Fichiers communs\System
    [17/08/2008|20:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 35 Processes )

    iexplore.exe ~ [PID:1864]
    iexplore.exe ~ [PID:2348]

    --------------------\\ Recherche avec S_Lop

    C:\DOCUME~1\robin\LOCALS~1\Temp\bisB3.exe

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New\Copy Up.exe
    C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1
    C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1\Active mfcd.exe
    C:\DOCUME~1\robin\APPLIC~1\eachsu~1
    C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Active mfcd.exe
    C:\DOCUME~1\robin\APPLIC~1\eachsu~1\bprzlprb.exe
    C:\DOCUME~1\robin\APPLIC~1\eachsu~1\gnkadwgu.exe
    C:\DOCUME~1\robin\APPLIC~1\eachsu~1\LoveDrvView.exe
    C:\DOCUME~1\robin\APPLIC~1\eachsu~1\oxesmaqs.exe
    C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Real Comp Platform Nurb.exe
    C:\Program Files\eachsu~1
    C:\DOCUME~1\robin\LOCALS~1\Temp\nsa61.tmp
    C:\DOCUME~1\robin\LOCALS~1\Temp\nsk5F.tmp
    C:\DOCUME~1\robin\LOCALS~1\Temp\nsoBB.tmp
    C:\DOCUME~1\robin\LOCALS~1\Temp\nsr1D.tmp
    C:\DOCUME~1\robin\LOCALS~1\Temp\nsu2F.tmp
    C:\DOCUME~1\robin\LOCALS~1\Temp\nsu5E.tmp
    C:\DOCUME~1\robin\LOCALS~1\Temp\nsz5D.tmp
    C:\Program Files\Circle Developement
    C:\DOCUME~1\robin\Cookies\robin@adin.bigpoint[1].txt
    C:\DOCUME~1\robin\Cookies\robin@bigpoint[2].txt
    C:\DOCUME~1\robin\Cookies\robin@fr.seafight.bigpoint[1].txt
    C:\DOCUME~1\robin\Cookies\robin@fr.xblaster.bigpoint[1].txt
    C:\DOCUME~1\robin\Cookies\robin@adopt.euroclick[2].txt
    C:\DOCUME~1\robin\Cookies\robin@pacificpoker[1].txt
    C:\DOCUME~1\robin\Cookies\robin@fr.seafight.bigpoint[1].txt
    C:\WINDOWS\Tasks\AB38D74E918B4D5E.job

    --------------------\\ Verification du Registre

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Settings second"="C:\\DOCUME~1\\robin\\APPLIC~1\\EACHSU~1\\Active mfcd.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-01 21:01:28
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\NWyIRqss.ini
    C:\WINDOWS\system32\NWyIRqss.ini2
    C:\WINDOWS\system32\ssqRIyWN.dll
    ==> VUNDO <==



    [F:996][D:95]-> C:\DOCUME~1\robin\LOCALS~1\Temp
    [F:115][D:0]-> C:\DOCUME~1\robin\Cookies
    [F:2715][D:4]-> C:\DOCUME~1\robin\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 01/11/2008|21:06 - Option : [1]

    --------------------\\ Fin du rapport a 21:06:27
    1 November 2008 22:54:58

  • Run Lop S&D again.
  • This time choose option 2 (Suppression, i.e. Removal).
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt).
    2 November 2008 23:02:41

    Here is the report (sorry for the late reply, I had a small connection problem)




    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
    BIOS : Default System BIOS
    USER : robin ( Administrator )
    BOOT : Normal boot
    Antivirus : Bitdefender Antivirus 8.0 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:189 Go (Free:175 Go)
    H:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 02/11/2008|20:57 )


    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New\Copy Up.exe
    Supprime! - C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1\Active mfcd.exe
    Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Active mfcd.exe
    Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\bprzlprb.exe
    Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\gnkadwgu.exe
    Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\LoveDrvView.exe
    Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\oxesmaqs.exe
    Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Real Comp Platform Nurb.exe
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsa61.tmp
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsk5F.tmp
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsoBB.tmp
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsr1D.tmp
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsu2F.tmp
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsu5E.tmp
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsz5D.tmp
    Supprime! - C:\DOCUME~1\robin\Cookies\robin@adin.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\robin\Cookies\robin@bigpoint[2].txt
    Supprime! - C:\DOCUME~1\robin\Cookies\robin@fr.seafight.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\robin\Cookies\robin@fr.xblaster.bigpoint[1].txt
    Supprime! - C:\DOCUME~1\robin\Cookies\robin@adopt.euroclick[2].txt
    Supprime! - C:\DOCUME~1\robin\Cookies\robin@pacificpoker[1].txt
    Supprime! - C:\WINDOWS\Tasks\AB38D74E918B4D5E.job
    Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\bisB3.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New
    Supprime! - C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1
    Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1
    Supprime! - C:\Program Files\eachsu~1
    Supprime! - C:\Program Files\Circle Developement

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    --------------------\\ Listing des dossiers dans APPLIC~1

    [10/08/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
    [10/10/2008|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [28/10/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [14/09/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
    [17/08/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [10/08/2008|19:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [10/08/2008|19:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
    [11/08/2008|17:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire

    [19/10/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
    [10/08/2008|19:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
    [11/08/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

    [11/08/2008|19:04] C:\DOCUME~1\robin\APPLIC~1\Adobe
    [10/08/2008|19:15] C:\DOCUME~1\robin\APPLIC~1\Bitdefender
    [28/09/2008|14:31] C:\DOCUME~1\robin\APPLIC~1\dvdcss
    [10/08/2008|19:11] C:\DOCUME~1\robin\APPLIC~1\Identities
    [11/08/2008|15:33] C:\DOCUME~1\robin\APPLIC~1\InterTrust
    [11/08/2008|18:26] C:\DOCUME~1\robin\APPLIC~1\Macromedia
    [12/10/2008|20:49] C:\DOCUME~1\robin\APPLIC~1\Microsoft
    [25/10/2008|23:51] C:\DOCUME~1\robin\APPLIC~1\mIRC
    [28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Mozilla
    [19/08/2008|09:31] C:\DOCUME~1\robin\APPLIC~1\RayV
    [11/08/2008|17:01] C:\DOCUME~1\robin\APPLIC~1\Talkback
    [27/10/2008|09:41] C:\DOCUME~1\robin\APPLIC~1\teamspeak2
    [28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Thunderbird
    [18/08/2008|21:17] C:\DOCUME~1\robin\APPLIC~1\vlc
    [23/08/2008|21:20] C:\DOCUME~1\robin\APPLIC~1\WinRAR
    [02/11/2008|20:57] C:\DOCUME~1\robin\APPLIC~1\Xfire

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [02/11/2008 20:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [11/08/2008|15:33] C:\Program Files\Adobe
    [10/08/2008|19:14] C:\Program Files\BitDefender
    [11/08/2008|15:36] C:\Program Files\CardReader2.0
    [11/08/2008|15:52] C:\Program Files\Common Files
    [10/08/2008|18:57] C:\Program Files\ComPlus Applications
    [11/08/2008|15:27] C:\Program Files\D-Link
    [14/10/2008|17:48] C:\Program Files\Dofus
    [17/08/2008|20:32] C:\Program Files\Fichiers communs
    [11/08/2008|15:55] C:\Program Files\InstallShield Installation Information
    [12/10/2008|14:30] C:\Program Files\Internet Explorer
    [10/09/2008|15:01] C:\Program Files\Messenger
    [10/10/2008|22:31] C:\Program Files\Messenger Plus! Live
    [10/09/2008|15:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [10/08/2008|19:02] C:\Program Files\microsoft frontpage
    [25/10/2008|23:44] C:\Program Files\mIRC
    [10/08/2008|18:58] C:\Program Files\Movie Maker
    [02/11/2008|20:47] C:\Program Files\Mozilla Firefox
    [19/10/2008|18:07] C:\Program Files\Mozilla Thunderbird
    [11/08/2008|18:37] C:\Program Files\MSN
    [10/08/2008|18:56] C:\Program Files\MSN Gaming Zone
    [11/08/2008|18:46] C:\Program Files\MSN Toolbar
    [10/08/2008|18:59] C:\Program Files\NetMeeting
    [10/08/2008|18:56] C:\Program Files\Online Services
    [10/08/2008|18:59] C:\Program Files\Outlook Express
    [11/08/2008|18:26] C:\Program Files\RayV
    [10/08/2008|19:00] C:\Program Files\Services en ligne
    [11/08/2008|15:55] C:\Program Files\Sony
    [02/11/2008|20:35] C:\Program Files\Steam
    [11/08/2008|17:08] C:\Program Files\Teamspeak2_RC2
    [28/10/2008|00:46] C:\Program Files\TeamSpeak3
    [10/08/2008|19:11] C:\Program Files\Uninstall Information
    [11/08/2008|18:28] C:\Program Files\VideoLAN
    [17/10/2008|22:01] C:\Program Files\Wakfu
    [17/08/2008|20:33] C:\Program Files\Windows Live
    [24/10/2008|19:22] C:\Program Files\Windows Media Connect 2
    [25/10/2008|09:17] C:\Program Files\Windows Media Player
    [10/08/2008|18:56] C:\Program Files\Windows NT
    [10/08/2008|19:00] C:\Program Files\WindowsUpdate
    [23/08/2008|21:20] C:\Program Files\WinRAR
    [27/10/2008|22:49] C:\Program Files\Wolfenstein - Enemy Territory
    [10/08/2008|19:02] C:\Program Files\xerox
    [01/11/2008|19:15] C:\Program Files\Xfire

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [11/08/2008|15:34] C:\Program Files\Fichiers communs\Adobe
    [10/08/2008|19:15] C:\Program Files\Fichiers communs\BitDefender
    [11/08/2008|15:55] C:\Program Files\Fichiers communs\InstallShield
    [17/08/2008|20:33] C:\Program Files\Fichiers communs\Microsoft Shared
    [10/08/2008|18:59] C:\Program Files\Fichiers communs\MSSoap
    [10/08/2008|20:47] C:\Program Files\Fichiers communs\ODBC
    [10/08/2008|18:59] C:\Program Files\Fichiers communs\Services
    [11/08/2008|15:55] C:\Program Files\Fichiers communs\Sony Shared
    [10/08/2008|20:47] C:\Program Files\Fichiers communs\SpeechEngines
    [10/08/2008|18:58] C:\Program Files\Fichiers communs\System
    [17/08/2008|20:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 36 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\robin\Cookies\robin@banner.cotedazurpalace[2].txt
    C:\DOCUME~1\robin\Cookies\robin@cotedazurpalace[2].txt
    C:\DOCUME~1\robin\Cookies\robin@www.cotedazurpalace[1].txt

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE


    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-02 21:13:47
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\NWyIRqss.ini
    C:\WINDOWS\system32\NWyIRqss.ini2
    C:\WINDOWS\system32\ssqRIyWN.dll
    ==> VUNDO <==



    [F:1009][D:98]-> C:\DOCUME~1\robin\LOCALS~1\Temp
    [F:128][D:0]-> C:\DOCUME~1\robin\Cookies
    [F:155][D:4]-> C:\DOCUME~1\robin\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 01/11/2008|21:06 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 02/11/2008|21:18 - Option : [2]

    --------------------\\ Fin du rapport a 21:18:13
    2 November 2008 23:04:48

    OK, good, now we'll deal with Vundo.

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: The reports are saved in the C:\rsit folder.
    3 November 2008 13:22:02

    Here is the log.txt report:


    Logfile of random's system information tool 1.04 (written by random/random)
    Run by robin at 2008-11-03 13:16:35
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 180 GB (92%) free of 194 GB
    Total RAM: 1023 MB (46% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:16:57, on 03/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CardReader2.0\OTiReader.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\CardReader2.0\CRBroadCasting.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
    C:\Program Files\Xfire\xfire.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Dofus\dofus.dll
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\robin\Bureau\RSIT.exe
    C:\Documents and Settings\robin\Bureau\robin.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {584AA69A-F2AB-4155-A7EB-EC5DCB011B14} - C:\WINDOWS\system32\ssqRIyWN.dll
    O2 - BHO: (no name) - {62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\xxyawtTj.dll (file missing)
    O2 - BHO: {c12a5960-7a26-13d8-a764-0850eb24df97} - {79fd42be-0580-467a-8d31-62a70695a21c} - C:\WINDOWS\system32\mwaxzr.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O20 - AppInit_DLLs: mwaxzr.dll
    O20 - Winlogon Notify: xxyawtTj - xxyawtTj.dll (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

    --
    End of file - 6717 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{584AA69A-F2AB-4155-A7EB-EC5DCB011B14}]
    C:\WINDOWS\system32\ssqRIyWN.dll [2008-10-24 317440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62D1390B-75E8-445C-A99D-3340E08FD4C5}]
    C:\WINDOWS\system32\xxyawtTj.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79fd42be-0580-467a-8d31-62a70695a21c}]
    C:\WINDOWS\system32\mwaxzr.dll [2008-11-02 123904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-08-11 86016]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils MSN - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll [2005-02-07 203464]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-16 368640]
    "CRBroadCasting"=C:\Program Files\CardReader2.0\CRBroadCasting.exe [2004-02-26 24576]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
    "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "Steam"=C:\Program Files\Steam\Steam.exe [2008-10-11 1410296]
    "RayV"=C:\Program Files\RayV\RayV\RayV.exe [2008-08-31 3708200]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    D-Link AirPlus G+ Wireless Adapter Utility.lnk - C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE

    C:\Documents and Settings\robin\Menu Démarrer\Programmes\Démarrage
    Xfire.lnk - C:\Program Files\Xfire\xfire.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="mwaxzr.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyawtTj]
    xxyawtTj.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{62D1390B-75E8-445C-A99D-3340E08FD4C5}"=C:\WINDOWS\system32\xxyawtTj.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\ssqRIyWN

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
    "C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
    "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2008-11-03 13:16:35 ----D---- C:\rsit
    2008-11-02 20:37:46 ----SH---- C:\WINDOWS\system32\sdttiikk.ini
    2008-11-02 20:37:45 ----A---- C:\WINDOWS\system32\kkiittds.dll
    2008-11-02 20:36:41 ----A---- C:\WINDOWS\system32\mwaxzr.dll
    2008-11-02 20:36:36 ----A---- C:\WINDOWS\system32\nhxyeffj.dll
    2008-11-02 19:18:57 ----A---- C:\WINDOWS\system32\xnpqws.dll
    2008-11-02 19:18:57 ----A---- C:\WINDOWS\system32\tueadcox.dll
    2008-11-02 19:15:57 ----SH---- C:\WINDOWS\system32\tnwljugl.ini
    2008-11-01 20:44:08 ----A---- C:\lopR.txt
    2008-11-01 20:42:09 ----D---- C:\Lop SD
    2008-11-01 19:16:06 ----A---- C:\WINDOWS\system32\ujtioepm.dll
    2008-11-01 19:16:06 ----A---- C:\WINDOWS\system32\sivqdq.dll
    2008-11-01 19:14:40 ----SH---- C:\WINDOWS\system32\huhslxcx.ini
    2008-10-28 19:16:21 ----A---- C:\WINDOWS\system32\qeiule.dll
    2008-10-28 19:16:21 ----A---- C:\WINDOWS\system32\lqvynxox.dll
    2008-10-28 16:18:09 ----A---- C:\WINDOWS\system32\gphlkowk.exe
    2008-10-28 16:16:47 ----SH---- C:\WINDOWS\system32\vxflcjxc.ini
    2008-10-28 16:16:39 ----A---- C:\WINDOWS\system32\cxjclfxv.dll
    2008-10-28 14:46:06 ----SH---- C:\WINDOWS\system32\euciswfg.ini
    2008-10-28 14:43:02 ----A---- C:\WINDOWS\system32\xqfslrnx.dll
    2008-10-28 14:43:02 ----A---- C:\WINDOWS\system32\qjpdmv.dll
    2008-10-28 14:40:00 ----A---- C:\WINDOWS\system32\ofahejoa.exe
    2008-10-28 00:46:10 ----D---- C:\Program Files\TeamSpeak3
    2008-10-27 14:45:55 ----SH---- C:\WINDOWS\system32\xsgatdoa.ini
    2008-10-27 14:45:45 ----A---- C:\WINDOWS\system32\aodtagsx.dll
    2008-10-27 14:38:29 ----A---- C:\WINDOWS\system32\ghzous.dll
    2008-10-27 14:38:25 ----A---- C:\WINDOWS\system32\uuggvghq.dll
    2008-10-27 10:01:36 ----SH---- C:\WINDOWS\system32\grhlodrs.ini
    2008-10-27 10:01:36 ----A---- C:\WINDOWS\system32\srdolhrg.dll
    2008-10-27 09:58:35 ----A---- C:\WINDOWS\system32\rkncabll.exe
    2008-10-27 09:55:36 ----A---- C:\WINDOWS\system32\uqfgiohc.dll
    2008-10-27 09:55:36 ----A---- C:\WINDOWS\system32\dvyhwj.dll
    2008-10-26 09:57:59 ----A---- C:\WINDOWS\system32\tgamjhru.exe
    2008-10-26 09:55:19 ----SH---- C:\WINDOWS\system32\rpkiptdw.ini
    2008-10-26 09:53:28 ----A---- C:\WINDOWS\system32\btcwoo.dll
    2008-10-26 09:53:26 ----A---- C:\WINDOWS\system32\rvbdhisg.dll
    2008-10-25 09:26:37 ----SH---- C:\WINDOWS\system32\fkghaktt.ini
    2008-10-25 09:26:37 ----A---- C:\WINDOWS\system32\ttkahgkf.dll
    2008-10-25 09:23:39 ----A---- C:\WINDOWS\system32\fljmex.dll
    2008-10-25 09:23:38 ----A---- C:\WINDOWS\system32\kvakwagy.dll
    2008-10-24 23:23:40 ----SH---- C:\WINDOWS\system32\gsixibcj.ini
    2008-10-24 23:21:53 ----A---- C:\WINDOWS\system32\yheinfgh.dll
    2008-10-24 23:21:53 ----A---- C:\WINDOWS\system32\qvhbej.dll
    2008-10-24 23:21:23 ----A---- C:\WINDOWS\system32\af1eae4e-.txt
    2008-10-24 23:20:36 ----ASH---- C:\WINDOWS\system32\NWyIRqss.ini2
    2008-10-24 23:20:36 ----ASH---- C:\WINDOWS\system32\NWyIRqss.ini
    2008-10-24 23:20:31 ----A---- C:\WINDOWS\system32\ssqRIyWN.dll
    2008-10-24 23:15:23 ----A---- C:\WINDOWS\system32\~.exe
    2008-10-24 19:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
    2008-10-24 19:23:06 ----N---- C:\WINDOWS\system32\spmsg.dll
    2008-10-24 19:23:05 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
    2008-10-24 19:22:36 ----D---- C:\Program Files\Windows Media Connect 2
    2008-10-24 19:21:50 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
    2008-10-24 19:17:36 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
    2008-10-24 19:16:16 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
    2008-10-14 18:05:31 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-10-10 23:11:50 ----D---- C:\Program Files\Wakfu
    2008-10-10 22:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-10-10 22:31:32 ----D---- C:\Program Files\Messenger Plus! Live
    2008-10-09 01:47:12 ----A---- C:\WINDOWS\system32\xfcodec.dll
    2008-10-04 08:18:39 ----D---- C:\WINDOWS\ie7updates
    2008-10-04 08:17:30 ----D---- C:\WINDOWS\WBEM
    2008-10-04 08:17:27 ----D---- C:\WINDOWS\system32\fr-fr
    2008-10-04 08:14:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
    2008-10-04 08:13:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
    2008-10-04 08:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
    2008-10-04 08:13:03 ----N---- C:\WINDOWS\system32\xmllite.dll
    2008-10-04 08:10:55 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-04 08:10:40 ----D---- C:\WINDOWS\network diagnostic
    2008-10-04 08:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
    2008-10-04 08:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$

    ======List of files/folders modified in the last 1 months======

    2008-11-03 13:16:35 ----D---- C:\WINDOWS\Prefetch
    2008-11-03 13:15:59 ----D---- C:\WINDOWS\Temp
    2008-11-03 13:13:22 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-03 12:32:50 ----D---- C:\WINDOWS\system32
    2008-11-03 11:02:16 ----D---- C:\Program Files\Steam
    2008-11-02 23:03:28 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-02 23:03:14 ----A---- C:\WINDOWS\bdagent.INI
    2008-11-02 20:58:31 ----RD---- C:\Program Files
    2008-11-02 20:58:26 ----SD---- C:\WINDOWS\Tasks
    2008-11-02 20:57:10 ----D---- C:\Documents and Settings\robin\Application Data\Xfire
    2008-11-02 20:52:38 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2008-11-02 15:42:26 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-01 19:15:23 ----SD---- C:\Program Files\Xfire
    2008-10-28 19:58:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2008-10-28 19:58:04 ----HD---- C:\WINDOWS\inf
    2008-10-27 22:49:30 ----D---- C:\Program Files\Wolfenstein - Enemy Territory
    2008-10-27 09:41:47 ----D---- C:\Documents and Settings\robin\Application Data\teamspeak2
    2008-10-26 09:54:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-25 23:51:15 ----D---- C:\Documents and Settings\robin\Application Data\mIRC
    2008-10-25 23:44:14 ----D---- C:\Program Files\mIRC
    2008-10-25 09:17:50 ----D---- C:\WINDOWS
    2008-10-25 09:17:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-25 09:17:04 ----D---- C:\WINDOWS\AppPatch
    2008-10-25 09:17:04 ----D---- C:\Program Files\Windows Media Player
    2008-10-24 19:23:11 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-24 19:22:49 ----A---- C:\WINDOWS\win.ini
    2008-10-24 19:22:14 ----D---- C:\WINDOWS\Help
    2008-10-24 19:18:17 ----D---- C:\WINDOWS\system32\drivers
    2008-10-24 19:16:25 ----D---- C:\WINDOWS\system32\LogFiles
    2008-10-19 18:07:45 ----D---- C:\Program Files\Mozilla Thunderbird
    2008-10-14 18:31:10 ----D---- C:\WINDOWS\system32\CatRoot
    2008-10-14 18:05:31 ----D---- C:\WINDOWS\Debug
    2008-10-14 17:48:24 ----D---- C:\Program Files\Dofus
    2008-10-12 20:49:04 ----SD---- C:\Documents and Settings\robin\Application Data\Microsoft
    2008-10-12 14:30:51 ----D---- C:\Program Files\Internet Explorer
    2008-10-12 10:13:04 ----D---- C:\WINDOWS\Media
    2008-10-04 08:18:22 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-04 08:17:37 ----D---- C:\WINDOWS\system32\config

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
    R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-06-27 106044]
    R2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2002-06-27 16064]
    R2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2002-06-27 14048]
    R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-06-27 10398]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
    R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
    R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
    R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3199328]
    R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 62865]
    R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
    R3 TNET1130;D-Link AirPlus G+ Wireless Adapter; C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 283392]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
    R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2008-08-11 1155072]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
    R2 OTi Card Reader Service;OTi Card Reader Service; C:\Program Files\CardReader2.0\OTiReader.exe [2004-03-04 131177]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-11 66872]
    R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-15 1261568]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
    R2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe [2008-08-11 86016]
    R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
    R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
    S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
    S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]



    Here is the info.txt report:


    info.txt logfile of random's system information tool 1.04 2008-11-03 13:17:00

    ======Uninstall list======

    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Barre d'outils MSN-->C:\Program Files\MSN Toolbar\01.01.2607.0\fr\mtbs.exe c
    BitDefender Antivirus 2008-->MsiExec.exe /I{2B8F0284-D162-4F6A-B5CB-4ACD0B251457}
    Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
    D-Link AirPlus G+ Wireless Adapter Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2F67EA3-0721-4E0D-A7B9-AE8F321303AF}\Setup.exe" -l0x9
    Dofus 1.24.0-->C:\Program Files\Dofus\uninstall.exe
    Dofus 1.25.0-->C:\Program Files\Dofus\uninstall.exe
    HijackThis 2.0.2-->"C:\Documents and Settings\robin\Bureau\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.17)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
    OpenMG Secure Module 4.7.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
    OTiCardReader -->C:\Program Files\CardReader2.0\AdvDrvIns.exe -u "C:\Program Files\CardReader2.0"
    RayV-->C:\Program Files\RayV\RayV\uninstall.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
    TeamSpeak Client-->"C:\Program Files\TeamSpeak3\unins000.exe"
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Wakfu-->C:\Program Files\Wakfu\uninstall.exe
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
    Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

    ======Security center information======

    AV: Bitdefender Antivirus

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    "PROCESSOR_REVISION"=0403
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------
    3 November 2008 17:11:46

    I'll reply to you a bit later ;)
    3 November 2008 21:25:48

    Please visit this link to learn how to install and run ComboFix:

    http://www.bleepingcomputer.com/combofix/fr/comment-uti...

    This includes installing the Windows Recovery Console if it has not already been installed on the PC. Installing the Windows Recovery Console is strongly recommended, because it gives access to a large number of features in case the PC no longer boots. It is an extra safety net, in a way.

    Once the Recovery Console is installed, at startup you will have a choice between your usual Windows and the Recovery Console. Start your usual Windows, since we do not need to use the Recovery Console, which is only for when there are problems. By default, your OS is selected and it starts automatically after two seconds. That is normal :)

    Please post the ComboFix report in your next reply.

    ;) 