Hijackthis et Trojan Remover rapportRésolu/Fermé

Question

Bonjour

qqu'un peut-il interpréter ces rapport 
merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:34, on 23/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe"  /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{446B2E5B-E73A-4FAE-A43C-CA0C7B4BBB3A}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DDA94AF-F8A0-483C-8DBF-A63271A4156F}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D204219-723A-4270-A87D-55F41CAB72C2}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF733837-0193-46DD-89E8-B312955D5F91}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{E16A0E6C-548C-4E2E-B43E-1ABC4C56DB69}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{446B2E5B-E73A-4FAE-A43C-CA0C7B4BBB3A}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\..\{446B2E5B-E73A-4FAE-A43C-CA0C7B4BBB3A}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

moK´s@ · Answer

salut seb,

Télécharge FixWareout d'un de ces deux sites sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

*Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.

seb26 · Answer

Bonjour

voici les logs:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 23/08/2007 20:56:31
Using Database v6759
Operating System: Windows XP Professional Service Pack 1 (Build 2600)
Using data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Logfile directory:    C:\Documents and Settings\Administrateur\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
20:56:31: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
20:56:31: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
20:56:31: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
20:56:32: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = AdaptecDirectCD
Value Data = C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
--------------------
Value Name = NeroCheck
Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
--------------------
Value Name = HPDJ Taskbar Utility
Value Data = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe - this command has been left in place
--------------------
Value Name = HPHUPD05
Value Data = C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe - this command has been left in place
--------------------
Value Name = HP Component Manager
Value Data = C:\Program Files\HP\hpcoretech\hpcmpmgr.exe - this command has been left in place
--------------------
Value Name = HP Software Update
Value Data = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe - this command has been left in place
--------------------
Value Name = HPHmon05
Value Data = C:\WINDOWS\System32\hphmon05.exe - this command has been left in place
--------------------
Value Name = mmtask
Value Data = C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name = Adobe Photo Downloader
Value Data = C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe - this command has been left in place
--------------------
Value Name = Picasa Media Detector
Value Data = C:\Program Files\Picasa2\PicasaMediaDetector.exe - this command has been left in place
--------------------
Value Name = SoundMan
Value Data = SOUNDMAN.EXE - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = WOOKIT
Value Data = C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx - this command has been left in place [file not found to scan]
--------------------
Value Name = LDM
Value Data = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

******************************
20:56:35: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------

******************************
20:56:35: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------

******************************
20:56:35: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

******************************
20:56:35: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32egsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
20:56:37: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=6to4
ServiceDLL=%SystemRoot%\System32\6to4svc.dll - this reference has been left in place
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32
etman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32
tmssvc.dll - this reference has been left in place
--------------------
Key=NwSapAgent
ServiceDLL=%SystemRoot%\System32\ipxsap.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32asauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32asmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32egsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32pcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32	apisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32	ermsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32	rkwks.dll - this reference has been left in place
--------------------
Key=uploadmgr
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\System32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\System32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place

******************************
20:56:45: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=61883
ImagePath=System32\DRIVERS\61883.sys - this reference has been left in place
----------
Key=aawservice
ImagePath="C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe" - this reference has been left in place
----------
Key=ACPI
ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AmdK7
ImagePath=System32\DRIVERS\amdk7.sys - this reference has been left in place
----------
Key=Arp1394
ImagePath=System32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=Aspi32
ImagePath=System32\drivers\aspi32.sys - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=Avc
ImagePath=System32\DRIVERS\avc.sys - this reference has been left in place
----------
Key=Bridge
ImagePath=System32\DRIVERS\bridge.sys - this reference has been left in place
----------
Key=BridgeMP
ImagePath=System32\DRIVERS\bridge.sys - this reference has been left in place
----------
Key=CCDECODE
ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=cmuda
ImagePath=system32\drivers\cmuda.sys - this reference has been left in place [file not found to scan]
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=FA312
ImagePath=System32\DRIVERS\FA312nd5.sys - this reference has been left in place
----------
Key=Fdc
ImagePath=System32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FETND5BV
ImagePath=System32\DRIVERS\fetnd5bv.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=System32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=gameenum
ImagePath=System32\DRIVERS\gameenum.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HidUsb
ImagePath=System32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HPZid412
ImagePath=System32\DRIVERS\HPZid412.sys - this reference has been left in place
----------
Key=HPZipr12
ImagePath=System32\DRIVERS\HPZipr12.sys - this reference has been left in place
----------
Key=HPZius12
ImagePath=System32\DRIVERS\HPZius12.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=Imapi
ImagePath=System32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\System32\imapi.exe - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=System32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=L8042Kbd
ImagePath=System32\DRIVERS\L8042Kbd.sys - this reference has been left in place
----------
Key=L8042mou
ImagePath=System32\DRIVERS\L8042mou.Sys - this reference has been left in place
----------
Key=LMouKE
ImagePath=System32\DRIVERS\LMouKE.Sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\System32\mnmsrvc.exe - this reference has been left in place
----------
Key=MODEMCSA
ImagePath=system32\drivers\MODEMCSA.sys - this reference has been left in place
----------
Key=Mouclass
ImagePath=System32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=System32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=System32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=System32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\System32\msdtc.exe - this reference has been left in place
----------
Key=MSDV
ImagePath=System32\DRIVERS\msdv.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\System32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=ms_mpu401
ImagePath=system32\drivers\msmpu401.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=System32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=System32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=System32\DRIVERS
distapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=System32\DRIVERS
disuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=System32\DRIVERS
diswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=System32\DRIVERS
etbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=System32\DRIVERS
etbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32
etdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32
etdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=System32\DRIVERS
ic1394.sys - this reference has been left in place
----------
Key=nm
ImagePath=System32\DRIVERS\NMnt.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=nv
ImagePath=System32\DRIVERS
v4_mini.sys - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=System32\DRIVERS
wlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=System32\DRIVERS
wlnkfwd.sys - this reference has been left in place
----------
Key=NwlnkIpx
ImagePath=System32\DRIVERS
wlnkipx.sys - this reference has been left in place
----------
Key=NwlnkNb
ImagePath=System32\DRIVERS
wlnknb.sys - this reference has been left in place
----------
Key=NwlnkSpx
ImagePath=System32\DRIVERS
wlnkspx.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=System32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=Parport
ImagePath=System32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCAMPR5
ImagePath=\??\C:\WINDOWS\System32\PCAMPR5.SYS - this reference has been left in place [file not found to scan]
----------
Key=PCANDIS5
ImagePath=\??\C:\WINDOWS\System32\PCANDIS5.SYS - this reference has been left in place
----------
Key=PCI
ImagePath=System32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=System32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=pfc
ImagePath=system32\drivers\pfc.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Pml Driver HPZ12
ImagePath=C:\WINDOWS\System32\HPZipm12.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=System32\DRIVERSaspptp.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=System32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=System32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERSasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=System32\DRIVERSasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=System32\DRIVERSaspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=System32\DRIVERSaspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=System32\DRIVERSdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=System32\DRIVERSdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=System32\DRIVERSedbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\System32svp.exe - this reference has been left in place
----------
Key=rtl8139
ImagePath=System32\DRIVERS\RTL8139.SYS - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardDrv
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=System32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=System32\DRIVERS\sisagp.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=System32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=SONYPVU1
ImagePath=System32\DRIVERS\SONYPVU1.SYS - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=System32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=streamip
ImagePath=System32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{4E5115DF-FB26-458A-8919-086025D90C6C} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\DRIVERS	cpip.sys - this reference has been left in place
----------
Key=Tcpip6
ImagePath=System32\DRIVERS	cpip6.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=System32\DRIVERS	ermdd.sys - this reference has been left in place
----------
Key=TlntSvr
ImagePath=C:\WINDOWS\System32	lntsvr.exe - this reference has been left in place
----------
Key=UMWdf
ImagePath=C:\WINDOWS\System32\wdfmgr.exe - this reference has been left in place
----------
Key=Update
ImagePath=System32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=System32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=System32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=System32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=System32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=System32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usnjsvc
ImagePath=C:\Program Files\MSN Messenger\usnsvc.exe - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\System32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=System32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------

******************************
20:58:49: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
VxD Key = JAVASUP
Vxd = JAVASUP.VXD - this command has been left in place
---------
Checking VMM32 VxD files being loaded

******************************
20:58:50: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
20:58:51: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = Offline Files
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

******************************
20:58:52: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

******************************
20:58:52: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
C:\Program Files\Windows Live Toolbar\msntb.dll - this Browser Helper Object has been left in place
----------

******************************
20:58:53: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
%SystemRoot%\System32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\System32\stobject.dll - this ShellServiceObject has been left in place
----------

******************************
20:58:53: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

******************************
20:58:53: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
20:58:53: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

******************************
20:58:53: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Gamma Loader.exe.lnk - this links to C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe and has been left in place
--------------------
Adobe Reader Synchronizer.lnk - this links to C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe and has been left in place
--------------------
desktop.ini - this file is expected and has been left in place
--------------------
Démarrage d'Office.lnk - this links to C:\Program Files\Microsoft Office\Office\OSA.EXE and has been left in place
--------------------
InterVideo WinCinema Manager.lnk - this links to C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe and has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe and has been left in place
--------------------
Logitech Desktop Messenger.lnk - this links to C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe and has been left in place
--------------------
Logitech SetPoint.lnk - this links to C:\Program Files\Logitech\SetPoint\SetPoint.exe and has been left in place
--------------------
Microsoft Recherche accélérée.lnk - this links to C:\Program Files\Microsoft Office\Office\FINDFAST.EXE and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
20:58:55: Scanning ----- SCHEDULED TASKS -----

******************************
20:58:55: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

******************************
20:58:55: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place

******************************
20:58:56: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
--------------------
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
--------------------
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
--------------------
C:\WINDOWS\System32\hphmon05.exe
--------------------
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
--------------------
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
--------------------
C:\Program Files\Picasa2\PicasaMediaDetector.exe
--------------------
C:\WINDOWS\SOUNDMAN.EXE
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Microsoft Office\Office\OSA.EXE
--------------------
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
--------------------
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
--------------------
C:\Program Files\Logitech\SetPoint\SetPoint.exe
--------------------
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
--------------------
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
--------------------
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\wdfmgr.exe
--------------------
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
--------------------
G:	rsetup.exe
--------------------
C:\Temp\is-8007V.tmp\is-BI6UQ.tmp
--------------------
C:\Program Files\Trojan Remover	rupd.exe
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\dor4.exe
FileSize:          1 782 336
[This is a Trojan Remover component]
--------------------

******************************
20:59:06: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
20:59:06: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\System32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

******************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 23/08/2007 20:59:06
************************************************************





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:34, on 23/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe"  /startintray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{446B2E5B-E73A-4FAE-A43C-CA0C7B4BBB3A}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DDA94AF-F8A0-483C-8DBF-A63271A4156F}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D204219-723A-4270-A87D-55F41CAB72C2}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF733837-0193-46DD-89E8-B312955D5F91}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{E16A0E6C-548C-4E2E-B43E-1ABC4C56DB69}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\..\{446B2E5B-E73A-4FAE-A43C-CA0C7B4BBB3A}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\..\{446B2E5B-E73A-4FAE-A43C-CA0C7B4BBB3A}: NameServer = 85.255.114.69,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.69 85.255.112.167
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

moK´s@ · Answer

salut seb26,

Télécharge LSPfix ici :
http://www.cexx.org/LSPFix.exe

Lance LSPfix et agrandis la fenêtre qui, par défaut, est trop petite et fait apparaître les ascenseurs horizontaux et verticaux, masquant un bouton.
Déconnecte toi d'Internet et ferme toutes les instances (fenêtres) Internet Explorer.
Coche la case "I know what I'm doing" ("Je sais ce que je fais" ).
Sélectionne toutes les instances de la dll suivantes :

nwprovau.dll

et fais les glisser du panneau de gauche, appelé "keep" au panneau de droite, appelé "Remove".

Clique sur le bouton [Finish].

Redémarre l'ordinateur. Remet un log Hijack pour vérifier si la ligne 010 à disparue.

@+

seb26 · Answer

merci pour tes réponses
j'essaierais ce soir à la maison
je transmettrais la réponse demain matin car je ne peux plus aller sur le site commentcamarche sur mon pc à la maison
d'autres site comme Orange ne sont plus accessible également
j'espère pouvoir résoudre ce problème
je me demande s'il ne vaut pas mieux formater le disque dur !

moK´s@ · Answer

salut seb,

il ne faut pas desesperer si vite, passe lspfix et post le rapport...

seb26 · Answer

Bonjour,

voici le log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:37, on 27/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files\Trojan Remover\Trjscan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

seb26 · Answer

apres avoir passer LSPFix, ma connexion Internet ne fonctionne plus !

seb26 · Answer

Bonjour,
qqu'un peut-il analyser ces log

merci d'avance

moK´s@ · Answer

salut seb26,

pour retrouver ta connection passe ceci :

* Télécharge combofix.exe (par sUBs) sur ton Bureau.

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe     

* Double clique combofix.exe.
* Tape sur la touche 1 (Yes) pour démarrer le scan.
* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 


NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

seb26 · Answer

Bonjour
j'ai retrouvé la connexion hier soir
est-ce que je dois tout de même passer combofix.exe ?

j'ai toujours le même problème, cad google me trouve bien les sites recherchés mais lorsque je séléctionne le site, la page n'apparait pas !
(ex de site: commentca marche, orange ...)

est-ce que ce ne serait pas du à ma connexion, paramètrage de la livebox, internet explorer 6 ?

merci

moK´s@ · Answer

salut seb26,

A mon avis ca n´apas pas grands chose avoir avec la livebox, par contre tu peux passer a la version 7.0 d´internet explorer, ou firefox, pour lutter contre les failles de sécurités...

j´aimerais quand meme que tu passe combofix, il va réignaliser les connextions, tu n´auras apres sont passgae qu´a remettre ta page d´accueil dans tes options internet...

post le rapport une fois terminé...

@+

seb26 · Answer

Bonjour 

voici le log de combofix

[code]
2005-03-18 15:56      535    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\ADMINI~1\Bureau\Internet Explorer.lnk.vir
2007-07-08 21:23      15399    --a------    C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-08-30 20:31      0    --a------    C:\Qoobox\BackEnv\PROGRAMS.folder.cf
2007-08-30 20:31      0    --a------    C:\Qoobox\BackEnv\START MENU.folder.cf
2007-08-30 20:31      0    --a------    C:\Qoobox\BackEnv\STARTUP.folder.cf
2007-08-30 20:31      0    --a------    C:\Qoobox\BackEnv\TEMPLATES.folder.cf
2007-08-30 20:31      102    --a------    C:\Qoobox\BackEnv\DESKTOP.folder.cf
2007-08-30 20:31      105    --a------    C:\Qoobox\BackEnv\FAVORITES.folder.cf
2007-08-30 20:31      147    --a------    C:\Qoobox\BackEnv\profiles.folder.cf
2007-08-30 20:31      155    --a------    C:\Qoobox\BackEnv\APPDATA.folder.cf
2007-08-30 20:31      160    --a------    C:\Qoobox\BackEnv\LOCAL APPDATA.folder.cf
2007-08-30 20:31      170    --a------    C:\Qoobox\BackEnv\LOCAL SETTINGS.folder.cf
2007-08-30 20:31      215    --a------    C:\Qoobox\BackEnv\CACHE.folder.cf
2007-08-30 20:31      2668    --a------    C:\Qoobox\BackEnv\setpath.bat
2007-08-30 20:31      40    --a------    C:\Qoobox\BackEnv\MY PICTURES.folder.cf
2007-08-30 20:31      62    --a------    C:\Qoobox\BackEnv\PERSONAL.folder.cf
2007-08-30 20:35      1060    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_NWSAPAGENT.reg.cf
2007-08-30 20:35      3634    --a------    C:\Qoobox\Quarantine\Registry_backups\services_NwSapAgent.reg.cf
2007-08-30 20:40      396621    --a------    C:\Qoobox\snapshot_2007-08-30_204027.40.cf


Structure du dossier pour le volume Disque local
Le num‚ro de s‚rie du volume est 71F1E346 0460:846A
C:\QOOBOX
|   snapshot_2007-08-30_204027.40.cf
|   
+---BackEnv
|       APPDATA.folder.cf
|       CACHE.folder.cf
|       DESKTOP.folder.cf
|       FAVORITES.folder.cf
|       LOCAL APPDATA.folder.cf
|       LOCAL SETTINGS.folder.cf
|       MY PICTURES.folder.cf
|       PERSONAL.folder.cf
|       profiles.folder.cf
|       PROGRAMS.folder.cf
|       setpath.bat
|       START MENU.folder.cf
|       STARTUP.folder.cf
|       TEMPLATES.folder.cf
|       
\---Quarantine
    +---C
    |   +---ComboFix
    |   |       FProps.vbs.vir
    |   |       
    |   \---DOCUME~1
    |       \---ADMINI~1
    |           \---Bureau
    |                   Internet Explorer.lnk.vir
    |                   
    \---Registry_backups
            LEGACY_NWSAPAGENT.reg.cf
            services_NwSapAgent.reg.cf
            
[/code]


comment coller une image car j'ai fait une impression d'écran de la zone quarantaine d'Avast mais ke n'arrive pas à la joindre!

j'ai eu une alerte en lançant combofix , avast a trouvé :cfiles.cf  sous C:\combofix  virus Win32:Dadobra-EY [Trj]

les autres virus sont sous C:\Temp     Win32:Small-gen2 [Trj]
et 1 sous C:\System Volume Information    Win32:Downloader-FY [Trj]


merci pour ton analyse

mika903 · Answer

looooooool

moK´s@ · Answer

salut seb

le rapport de combofix n´est pas complet... mais il a bien travaillé apparament

pour realiser une capture d´ecran  :

http://www.archive-host.com/

tu fais une copie d´ecran et tu fais un jpeg sous paint par exemple et tu le host avec archive host...

pour les virus en zone temporaire fais ceci :

nettoie tes fichiers temporaires avec ceci : atf cleaner, regarde le tuto...

https://freewares-tutos.blogspot.com/2006/10/atf-cleaner.html

et pour ceux qui sont dans la restauration system :

¤Désactive ta restauration système:
Clic droit sur poste de travail puis,
propriété, tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique
puis tu redemarre et fais l´inverse tu la remet 

puis

* télécharge AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download
http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html

* tu l'installes

* lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente
si tu n'arrives pas à le mettre à jour prends ici les màj

http://downloads.ewido.net/avgas-signatures-full-current.exe

Sur la page "analyse":

•- tu choisis d'abord l'onglet "paramètres".
- sous « Comment réagir » clic sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer » 

Copie Et colle le rapport ici 

Ps : une fois le scan terminé tu supprime bien tout ce qu´il a trouvé

@+

mika903 · Answer

okkkkkkkkkk

moK´s@ · Answer

mika c´est bien de participer, mais pas de cette facon!?!

seb26 · Answer

Bonjour

merci pour les infos je fais tout ça ce soir

@+

seb26 · Answer

Bonjour,

voici le rapport AVG

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	21:38:24 03/09/2007

 + Résultat de l'analyse:	



:mozilla.9:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.56:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.57:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.55:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.29:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Paypal : Aucune action entreprise.
:mozilla.30:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\inj0zhcd.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.


Fin du rapport

moK´s@ · Answer

salut seb26,

comment ce porte ton pc?

@+

seb26 · Answer

Bonjour,

je ne vois pas trop de changement
je n'arrive toujours pas à aller sur le site de "commentcamarche" ou "orange"
à chaque fois ça commence à charger puis ça se bloque au milieu mais la page n'apparait pas !

@+

moK´s@ · Answer

salut seb26.

desolé j´ai eté absent pas mal de temps...

peux tu emettre un hijack this stp

@+

seb26 · Answer

Bonjour 

voici le log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:25, on 11/09/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

moK´s@ · Answer

salut seb26,

tu as quoi comme modem?

tu l´as bien configuré?

@+

seb26 · Answer

Bonjour
j'ai la livebox connecté par ethernet sur mon pc fixe
peut être faudrait-il la réinstaller ?
ce qui est étrange c'est j'accède sans pb à certains sites mais d'autres la page ne s'ouvre pas alors que ça marché auparavant !

de plus, j'ai égalament un pc portable par wifi et le phénomène est identique !

est-ce qu'il y a un ver sur les 2 pc ou la c'est la config de la live box ?

merci

moK´s@ · Answer

re,

tu as toujours explorer 6.0 essaie de passer a la version 7.0 d´internet explorer...

et essaie de voire pour la configuration de ta live box, google est ton ami...

si ca n´aide pas passe ceci : winsockfix et regarde le tuto (d´ésolé c´est en anglais...)

http://babin.nelly.free.fr/WinsockFix.zip

tuto (merci Mok's@):
https://www.snapfiles.com/get/winsockxpfix.html 

@+

seb26 · Answer

Bonjour
j'ai enlevé IE6, j'ai maintenant FIREFOX
j'ai passé winsockfix je n'ai pas trouvé le tuto

moK´s@ · Answer

salut seb26,

ok pour firefox mais pas ok pour j'ai enlevé IE6 > il faut garder internet explorer ne serait-c´que pour les mises a jours windows...

quand a winsockfix le tuto etait sur le deuxieme lien du post 25... ( il aurait falu sauvegarder la base de registre avant de le passer...)

enfin voila; ca marche mieux maintenant ou toujours des blocages?

@+

seb26 · Answer

salut mok

bon je refais la manip ce weekend
merci pour ton aide, c'est sympa

moK´s@ · Answer

ok,ca serait bien que tu reponde a mes questions quand meme 

bon week end...

@+

seb26 · Answer

Bonjour mok

excusemoi pour la réponse !

j'ai réinstallé IE6 à partir de windows, mais il ne veut pas installé IE7, j'utilise donc Firefox

j'ai refais la manip correctement ce weekend
malheureusement je ne vois pas de changement
je n'arrive toujours pas à aller sur le site de "commentcamarche" et "orange"
après tout ce que tu m'a conseillé de faire, je pense que c'est plutôt dans le paramètrage de la livebox
c'est qd même étrange que ça marche bien pour d'autres sites

@+

moK´s@ · Answer

salut seb,

oui c´est etrange en effet, mais tu dis ne pas pouvoir aller sur le site de comment ca marche, me parle tu a partir d´un autre pc?

livebox :

http://www.aidewindows.net/livebox.php

@+

seb26 · Answer

Bonjour,

oui je te parle du boulot
est-ce que tu penses que j'ai encore un ver ou logiciel espion ?

merci pour le lien je vais l'explorer

@+

moK´s@ · Answer

salut seb26,

exuse pour le retard...

passe ce scan en ligne et colle le rapport ici :

https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr 

@+

seb26 · Answer

Bonjour

ok je passe kapersky ce soir
@+

moK´s@ · Answer

ok

seb26 · Answer

bonjour mok

je n'ai pas réussi à passer kapersky
il passe que avec IE et non avec firefox !
il bloque dans la mise à jour
bizarre car je l'avais déjà utilisé !
j'ai essayé aussi bitdefender mais c'est pareil !

je reessairerai demain !

@+

moK´s@ · Answer

salut seb,

oui il faut le passer avec ie, tu doit l´avoir non?

@+

seb26 · Answer

bonjour

oui j'ai IE
j'essaie ce soir

moK´s@ · Answer

ok

@+

seb26 · Answer

Bonjour

KASPERSKY ON-LINE SCANNER REPORT  
Wednesday, September 26, 2007 8:18:13 PM
Syst&#32813;e d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Derni&#32818;e mise ?jour de la base antivirus Kaspersky : 26/09/2007
Enregistrements dans la base antivirus Kaspersky : 397930
 
 
Param&#32820;res d'analyse 
Analyser avec la base antivirus suivante standard 
Analyser les archives vrai 
Analyser les bases de messagerie vrai 
 
Cible de l'analyse Zones critiques 
C:\WINDOWS
C:\Temp\  
 
Statistiques de l'analyse 
Total d'objets analys&#36915; 10502 
Nombre de virus trouv&#36915; 0 
Nombre d'objets infect&#36915; 0 / 0 
Nombre d'objets suspects 0 
Dur&#36901; de l'analyse 00:14:55 

Nom de l'objet infect&#36924;/b> Nom du virus Derni&#32818;e action 
C:\WINDOWS\Debug\oakley.log  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\Debug\PASSWD.LOG  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\SchedLgU.Txt  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\Sti_Trace.log  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\Antivirus.Evt  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\AppEvent.Evt  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\default  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\default.LOG  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\SAM  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\SAM.LOG  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\SecEvent.Evt  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\SECURITY  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\SECURITY.LOG  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\software  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\software.LOG  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\SysEvent.Evt  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\system  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\config\system.LOG  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\h323log.txt  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\Temp\Perflib_Perfdata_47c.dat  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\Temp\_avast4_\Webshlock.txt  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\Temp\_av_proI.tm~a01908\dld1.tmp  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\wiadebug.log  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\WINDOWS\wiaservc.log  L'objet est verrouill&#36873;  ignor&#36873;  
 
C:\Temp\ mon038.log  L'objet est verrouill&#36873;  ignor&#36873;  
 
Analyse termin&#36901;. 



KASPERSKY ON-LINE SCANNER REPORT  
Wednesday, September 26, 2007 9:10:34 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 26/09/2007
Enregistrements dans la base antivirus Kaspersky : 397930
 
 
Paramètres d'analyse 
Analyser avec la base antivirus suivante standard 
Analyser les archives vrai 
Analyser les bases de messagerie vrai 
 
Cible de l'analyse Poste de travail 
A:\
C:\
D:\
E:\
F:\
H:\  
 
Statistiques de l'analyse 
Total d'objets analysés 40413 
Nombre de virus trouvés 0 
Nombre d'objets infectés 0 / 0 
Nombre d'objets suspects 0 
Durée de l'analyse 00:50:59 

Nom de l'objet infecté Nom du virus Dernière action 
C:\Documents and Settings\Administrateur\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007092620070927\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Administrateur\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Administrateur
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\NTUSER.DAT  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt  L'objet est verrouillé  ignoré  
 
C:\Program Files\HP\hpcoretech\hpcmerr.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\chandir.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\chandir.idx  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\chn.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\chn.idx  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\D0000000.FCS  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\inuse.txt  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\L0000004.FCS  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\main.log  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs.idx  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_die.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_die.idx  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_dnd.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_dnd.idx  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_ext.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_ext.idx  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_rcv.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\prs_rcv.idx  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\storydb.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Administrateur\Data\storydb.idx  L'objet est verrouillé  ignoré  
 
C:\System Volume Information\_restore{7D04F72C-5147-41EB-8BD8-8B25B877DCD7}\RP4\change.log  L'objet est verrouillé  ignoré  
 
C:\Temp\ mon038.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Debug\oakley.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Debug\PASSWD.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SchedLgU.Txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Sti_Trace.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Antivirus.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\AppEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\default  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\default.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SecEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\software  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\software.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SysEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\system  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\system.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\h323log.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_47c.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\_avast4_\Webshlock.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\_av_proI.tm~a01908\dld1.tmp  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiadebug.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\wiaservc.log  L'objet est verrouillé  ignoré  
 
Analyse terminée.

moK´s@ · Answer

bon et bien c´est prometeur, as tu encore des soucis?

vide tes dossiers temporaires avec ceci :

atf cleaner, regarde le tuto...

https://freewares-tutos.blogspot.com/2006/10/atf-cleaner.html

@+

seb26 · Answer

bonjour

oui j'ai tjs les mêmes soucis
je passe atf cleaner ce soir

@+

moK´s@ · Answer

peux tu remettre un hijack this stp

@+

seb26 · Answer

bonjour
j'ai passé atf cleaner
je n'ai pas fait de hijackthis
je le fais ce weekend 

merci 

bon weekend

moK´s@ · Answer

salut seb26,

en meme temps peux tu repasser combofix et poster le rapport complet cette fois...

* Télécharge combofix.exe (par sUBs) sur ton Bureau.

http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe     

* Double clique combofix.exe.
* Tape sur la touche 1 (Yes) pour démarrer le scan.
* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 


NOTE : Le rapport se trouve également ici : C:\Combofix.txt

bon week end a toi egalement ;-)

@+

seb26 · Answer

bonjour mok

voici le rapport hijackthis avant de passer combofix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:46, on 01/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\webelated.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

moK´s@ · Answer

seb26

peux tu mettre internet explorer a jour > la version 0.7 meme si tu utilise firefox, puis faire les mises a jour windows.

seb26 · Answer

non je n'arrive pas à installé IE7

moK´s@ · Answer

peux tu faire les mises a jour windows?

seb26 · Answer

non plus

moK´s@ · Answer

salut seb,

quand tu cherche a faire les mises a jour, as tu un message d´erreure?

Que ce passe t-il?

seb26 · Answer

ok  la maj à marcher
mais c'est toujours pareil
je vais faire le ménage des DD et tout formater des que ja'aurais un moment 

merci pour ton aide

moK´s@ · Answer

si c´est ton choix, en tout cas pas mon intention...

mais peut etre y a t-il un autre moyen, 

la configuration 

la mise a jour windows t´as permis de mettre internet explorer a jour non?

seb26 · Answer

bonjour

ça y est j'ai enfin solutionner le problème
c'était ma Livebox SAGEM que j'ai remplacé par une LB Inventel
bravo Orange !!!
c'est sur leur forum que j'ai vu des cas similaire !

entre temps j'avais tout formater mon PC pour rien
merci encore Orange !!


merci pour ton aide Mok

Hijackthis et Trojan Remover rapport

54 réponses

Discussions similaires

Newsletters