Virus Facebook + msn
Fermé
Céline9829
Messages postés
24
Date d'inscription
vendredi 3 août 2007
Statut
Membre
Dernière intervention
18 janvier 2008
-
17 janv. 2008 à 19:46
¡El Desaparecido! Messages postés 1521 Date d'inscription mardi 4 octobre 2011 Statut Membre Dernière intervention 23 octobre 2015 - 10 mai 2012 à 21:11
¡El Desaparecido! Messages postés 1521 Date d'inscription mardi 4 octobre 2011 Statut Membre Dernière intervention 23 octobre 2015 - 10 mai 2012 à 21:11
A voir également:
- Virus Facebook + msn
- Compte facebook piraté - Guide
- Qui regarde mon profil facebook - Guide
- Sondage facebook - Guide
- Piratage facebook changer mot de passe - Guide
- Story facebook - Guide
10 réponses
winin
Messages postés
372
Date d'inscription
mercredi 16 janvier 2008
Statut
Membre
Dernière intervention
31 décembre 2008
12
17 janv. 2008 à 19:50
17 janv. 2008 à 19:50
Un scan Hijackthis
- Télécharger Hijackthis :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
TUTO :
http://cybersecurite.xooit.com/t142-HijackThis-2-0-2-avec-Firefox.htm#1204
Qui est soigneseument écrit par Bruce Lee.
Poste ton rapport qui sortira sous un fichier TXT.
- Télécharger Hijackthis :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
TUTO :
http://cybersecurite.xooit.com/t142-HijackThis-2-0-2-avec-Firefox.htm#1204
Qui est soigneseument écrit par Bruce Lee.
Poste ton rapport qui sortira sous un fichier TXT.
Céline9829
Messages postés
24
Date d'inscription
vendredi 3 août 2007
Statut
Membre
Dernière intervention
18 janvier 2008
17 janv. 2008 à 19:58
17 janv. 2008 à 19:58
sur un autre sujet j'ai vu qu'il fallait faire un scan et nettoyage avec msn fix
je vous mets le rapport
je vais faire un scan Hijackthis et je vous le post
merci pour l'aide
MSNFix 1.633
C:\Documents and Settings\G‚\Bureau\MSNFix\MSNFix
Fix exécuté le 17/01/2008 - 19:49:55,26 By G‚
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\G9E74~1\LOCALS~1\Temp\services.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
... C:\Program Files\Temporary\
************************ Suppression des fichiers
/!\ ... C:\DOCUME~1\G9E74~1\LOCALS~1\Temp\services.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
/!\ ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
/!\ ... C:\Program Files\Temporary\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\G9E74~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17012008_19531464.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
je vous mets le rapport
je vais faire un scan Hijackthis et je vous le post
merci pour l'aide
MSNFix 1.633
C:\Documents and Settings\G‚\Bureau\MSNFix\MSNFix
Fix exécuté le 17/01/2008 - 19:49:55,26 By G‚
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\G9E74~1\LOCALS~1\Temp\services.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
... C:\Program Files\Temporary\
************************ Suppression des fichiers
/!\ ... C:\DOCUME~1\G9E74~1\LOCALS~1\Temp\services.exe
/!\ ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
/!\ ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Suppression des dossiers
/!\ ... C:\Program Files\Temporary\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\G9E74~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17012008_19531464.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Céline9829
Messages postés
24
Date d'inscription
vendredi 3 août 2007
Statut
Membre
Dernière intervention
18 janvier 2008
17 janv. 2008 à 20:01
17 janv. 2008 à 20:01
voilà le scan HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:41, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:41, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
winin
Messages postés
372
Date d'inscription
mercredi 16 janvier 2008
Statut
Membre
Dernière intervention
31 décembre 2008
12
17 janv. 2008 à 20:07
17 janv. 2008 à 20:07
Télécharger comboFix.exe de sUBs et enregistre sur ton bureau :
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Double clique dessus et appuis sur 1 et valide.
Ne fais rien tant que le scan n'est pas fini et le bureau va disparaitre plusieurs fois, c'est normal.
Poste le rapport qui va apparaitre sous fichier TXT.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
*** Combofix est détecté par certains antivirus comme une infection, il s'agit d'un "faux positif"
*** N'en tiens pas compte continue la procédure82 message(s) posté(s) depuis le mercredi 16 janvier 2008
--------------------------------------------------------------------------------
Ne jamais laisser tombé !
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
Double clique dessus et appuis sur 1 et valide.
Ne fais rien tant que le scan n'est pas fini et le bureau va disparaitre plusieurs fois, c'est normal.
Poste le rapport qui va apparaitre sous fichier TXT.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
*** Combofix est détecté par certains antivirus comme une infection, il s'agit d'un "faux positif"
*** N'en tiens pas compte continue la procédure82 message(s) posté(s) depuis le mercredi 16 janvier 2008
--------------------------------------------------------------------------------
Ne jamais laisser tombé !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Céline9829
Messages postés
24
Date d'inscription
vendredi 3 août 2007
Statut
Membre
Dernière intervention
18 janvier 2008
17 janv. 2008 à 20:30
17 janv. 2008 à 20:30
voilà le rapport
ComboFix 08-01-17.5 - Gé 2008-01-17 20:11:12.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.40 [GMT 1:00]
Running from: C:\Documents and Settings\Gé\Bureau\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.
2008-01-17 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:59 . 2008-01-17 19:59 <REP> d-------- C:\Program Files\Trend Micro
2008-01-16 16:06 . 2008-01-17 19:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:06 . 2008-01-16 16:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 21:58 . 2008-01-15 21:58 <REP> d-------- C:\Documents and Settings\Gé\Application Data\Apple Computer
2008-01-15 21:57 . 2008-01-15 21:57 <REP> d-------- C:\Program Files\iTunes
2008-01-15 21:57 . 2008-01-15 21:57 <REP> d-------- C:\Program Files\iPod
2008-01-15 21:56 . 2008-01-15 21:56 <REP> d-------- C:\Program Files\Bonjour
2008-01-15 21:53 . 2008-01-15 21:56 <REP> d-------- C:\Program Files\QuickTime
2008-01-15 21:52 . 2008-01-15 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 21:50 . 2008-01-15 21:50 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-15 21:48 . 2008-01-15 21:48 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-15 21:48 . 2008-01-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-13 19:37 . 2008-01-13 19:37 <REP> d---s---- C:\Documents and Settings\Gé\UserData
2008-01-13 19:37 . 2008-01-13 19:37 <REP> d---s---- C:\Documents and Settings\Gé\UserData
2008-01-13 17:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-13 17:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-13 17:10 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-12 15:05 . 2008-01-13 17:45 <REP> d-------- C:\Documents and Settings\Gé\Contacts
2008-01-12 15:05 . 2008-01-13 17:45 <REP> d-------- C:\Documents and Settings\Gé\Contacts
2008-01-12 15:04 . 2004-08-19 16:10 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-12 15:04 . 2004-08-19 16:10 91,648 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-12 15:04 . 2004-08-19 16:10 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-12 15:04 . 2004-08-19 16:10 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-12 15:04 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 15:04 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 15:04 . 2004-08-19 16:09 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-12 15:04 . 2004-08-19 16:09 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-12 15:04 . 2004-08-19 16:10 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-12 15:04 . 2004-08-19 16:10 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-12 14:12 . 2008-01-12 14:14 <REP> d-------- C:\Program Files\Microsoft LifeCam
2008-01-12 14:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-12 13:45 . 2008-01-15 21:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-12 13:26 . 2008-01-12 13:44 <REP> d-------- C:\Program Files\Windows Live
2008-01-12 13:26 . 2008-01-12 13:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-12 13:26 . 2008-01-14 15:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-12 01:10 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-11 17:52 . 2008-01-11 17:52 <REP> d-------- C:\Documents and Settings\Gé\Application Data\Talkback
2008-01-11 17:52 . 2008-01-11 17:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-11 15:48 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-11 15:40 . 2007-06-26 14:56 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-01-11 15:40 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-01-11 15:38 . 2006-10-13 13:36 145,920 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-10 23:16 . 2006-10-20 02:38 716,800 -----c--- C:\WINDOWS\system32\dllcache\sxs.dll
2008-01-10 23:15 . 2007-04-16 16:53 1,049,600 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-01-10 23:15 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-01-10 23:15 . 2006-05-05 10:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-01-10 21:15 . 2008-01-12 22:42 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-01-10 20:48 . 2008-01-10 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-10 20:42 . 2008-01-10 20:42 <REP> d-------- C:\Program Files\Sun
2008-01-10 20:42 . 2007-06-14 16:53 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-10 20:40 . 2008-01-10 20:41 <REP> d-------- C:\Program Files\Java
2008-01-10 20:40 . 2008-01-10 20:40 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-01-10 19:36 . 2008-01-10 19:37 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-01-10 19:24 . 2008-01-10 19:24 385 --a------ C:\WINDOWS\ODBC.INI
2008-01-10 19:23 . 2008-01-10 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-10 19:23 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-10 19:20 . 2008-01-10 19:20 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-01-10 19:19 . 2008-01-10 19:19 <REP> d-------- C:\Program Files\Real
2008-01-10 19:18 . 2008-01-10 19:18 <REP> d-------- C:\Program Files\Microsoft.NET
2008-01-10 19:18 . 2008-01-10 19:20 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-01-10 19:16 . 2008-01-10 19:16 <REP> d-------- C:\Program Files\Microsoft Works
2008-01-10 19:15 . 2008-01-10 19:18 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-01-10 19:13 . 2008-01-17 17:06 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Documents and Settings\Gé\Application Data\PC Tools
2008-01-10 19:13 . 2008-01-17 19:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 19:13 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-10 19:13 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-10 19:13 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-10 19:13 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-10 19:13 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-10 19:07 . 2008-01-10 19:07 <REP> d-------- C:\Program Files\Picasa2
2008-01-10 19:07 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-10 19:07 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-10 19:06 . 2003-03-29 15:45 89,184 -ra------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-01-10 19:06 . 2003-09-03 17:53 57,344 -ra------ C:\WINDOWS\system32\ImageDrive.cpl
2008-01-10 19:05 . 2008-01-10 19:05 <REP> d-------- C:\Program Files\Norton Security Scan
2008-01-10 19:05 . 2008-01-10 19:05 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-10 19:05 . 2008-01-10 19:06 <REP> d-------- C:\Program Files\Ahead
2008-01-10 19:05 . 2001-07-06 13:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-01-10 19:05 . 2001-07-06 11:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-01-10 19:05 . 2001-07-06 17:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-01-10 19:05 . 2001-07-09 10:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-10 19:05 . 2001-06-26 07:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-01-10 19:03 . 2008-01-10 19:03 <REP> d-------- C:\Program Files\Yahoo!
2008-01-10 19:03 . 2008-01-10 19:10 <REP> d-------- C:\Program Files\Google
2008-01-10 19:03 . 2008-01-10 19:03 <REP> d-------- C:\Program Files\CCleaner
2008-01-10 19:03 . 2008-01-16 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-10 19:02 . 2008-01-10 19:02 <REP> d-------- C:\Program Files\Alwil Software
2008-01-10 19:01 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 13:10 . 2008-01-10 13:10 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-01-10 13:09 . 2008-01-10 13:09 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-10 13:01 . 2008-01-10 13:01 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-01-10 12:59 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02123_.tmp
2008-01-10 12:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-10 12:56 . 2008-01-10 12:56 <REP> d-------- C:\WINDOWS\EHome
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 10:36 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 10:34 --------- d-----w C:\Program Files\Services en ligne
2008-01-10 10:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-10 19:03 68856]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-10 19:04 1836544]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-10 19:19 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32 132760]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 00:54 269104]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 00:55 707376]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-10 19:03:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 00:54]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-15 20:50:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 18:05:39 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 20:14:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 20:15:57
ComboFix-quarantined-files.txt 2008-01-17 19:15:52
.
2008-01-13 20:26:36 --- E O F ---
ComboFix 08-01-17.5 - Gé 2008-01-17 20:11:12.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.40 [GMT 1:00]
Running from: C:\Documents and Settings\Gé\Bureau\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.
2008-01-17 20:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:59 . 2008-01-17 19:59 <REP> d-------- C:\Program Files\Trend Micro
2008-01-16 16:06 . 2008-01-17 19:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 16:06 . 2008-01-16 16:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-15 21:58 . 2008-01-15 21:58 <REP> d-------- C:\Documents and Settings\Gé\Application Data\Apple Computer
2008-01-15 21:57 . 2008-01-15 21:57 <REP> d-------- C:\Program Files\iTunes
2008-01-15 21:57 . 2008-01-15 21:57 <REP> d-------- C:\Program Files\iPod
2008-01-15 21:56 . 2008-01-15 21:56 <REP> d-------- C:\Program Files\Bonjour
2008-01-15 21:53 . 2008-01-15 21:56 <REP> d-------- C:\Program Files\QuickTime
2008-01-15 21:52 . 2008-01-15 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-15 21:50 . 2008-01-15 21:50 <REP> d-------- C:\Program Files\Apple Software Update
2008-01-15 21:48 . 2008-01-15 21:48 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-01-15 21:48 . 2008-01-15 21:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-13 19:37 . 2008-01-13 19:37 <REP> d---s---- C:\Documents and Settings\Gé\UserData
2008-01-13 19:37 . 2008-01-13 19:37 <REP> d---s---- C:\Documents and Settings\Gé\UserData
2008-01-13 17:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-13 17:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-13 17:10 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-12 15:05 . 2008-01-13 17:45 <REP> d-------- C:\Documents and Settings\Gé\Contacts
2008-01-12 15:05 . 2008-01-13 17:45 <REP> d-------- C:\Documents and Settings\Gé\Contacts
2008-01-12 15:04 . 2004-08-19 16:10 91,648 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-01-12 15:04 . 2004-08-19 16:10 91,648 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-01-12 15:04 . 2004-08-19 16:10 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-01-12 15:04 . 2004-08-19 16:10 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-01-12 15:04 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-12 15:04 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-12 15:04 . 2004-08-19 16:09 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-12 15:04 . 2004-08-19 16:09 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-12 15:04 . 2004-08-19 16:10 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-01-12 15:04 . 2004-08-19 16:10 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-01-12 14:12 . 2008-01-12 14:14 <REP> d-------- C:\Program Files\Microsoft LifeCam
2008-01-12 14:10 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-12 13:45 . 2008-01-15 21:49 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-12 13:26 . 2008-01-12 13:44 <REP> d-------- C:\Program Files\Windows Live
2008-01-12 13:26 . 2008-01-12 13:42 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-12 13:26 . 2008-01-14 15:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-12 01:10 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-11 17:52 . 2008-01-11 17:52 <REP> d-------- C:\Documents and Settings\Gé\Application Data\Talkback
2008-01-11 17:52 . 2008-01-11 17:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-11 15:48 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-11 15:40 . 2007-06-26 14:56 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2008-01-11 15:40 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-01-11 15:38 . 2006-10-13 13:36 145,920 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-01-10 23:16 . 2006-10-20 02:38 716,800 -----c--- C:\WINDOWS\system32\dllcache\sxs.dll
2008-01-10 23:15 . 2007-04-16 16:53 1,049,600 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2008-01-10 23:15 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-01-10 23:15 . 2006-05-05 10:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-01-10 21:15 . 2008-01-12 22:42 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-01-10 20:48 . 2008-01-10 20:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-10 20:42 . 2008-01-10 20:42 <REP> d-------- C:\Program Files\Sun
2008-01-10 20:42 . 2007-06-14 16:53 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-10 20:40 . 2008-01-10 20:41 <REP> d-------- C:\Program Files\Java
2008-01-10 20:40 . 2008-01-10 20:40 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-01-10 19:36 . 2008-01-10 19:37 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-01-10 19:24 . 2008-01-10 19:24 385 --a------ C:\WINDOWS\ODBC.INI
2008-01-10 19:23 . 2008-01-10 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-10 19:23 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-10 19:20 . 2008-01-10 19:20 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-01-10 19:19 . 2008-01-10 19:19 <REP> d-------- C:\Program Files\Real
2008-01-10 19:18 . 2008-01-10 19:18 <REP> d-------- C:\Program Files\Microsoft.NET
2008-01-10 19:18 . 2008-01-10 19:20 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-01-10 19:16 . 2008-01-10 19:16 <REP> d-------- C:\Program Files\Microsoft Works
2008-01-10 19:15 . 2008-01-10 19:18 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-01-10 19:13 . 2008-01-17 17:06 <REP> d-------- C:\Program Files\Spyware Doctor
2008-01-10 19:13 . 2008-01-10 19:13 <REP> d-------- C:\Documents and Settings\Gé\Application Data\PC Tools
2008-01-10 19:13 . 2008-01-17 19:55 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-10 19:13 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-10 19:13 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-10 19:13 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-10 19:13 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-10 19:13 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-10 19:07 . 2008-01-10 19:07 <REP> d-------- C:\Program Files\Picasa2
2008-01-10 19:07 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-10 19:07 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-10 19:06 . 2003-03-29 15:45 89,184 -ra------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-01-10 19:06 . 2003-09-03 17:53 57,344 -ra------ C:\WINDOWS\system32\ImageDrive.cpl
2008-01-10 19:05 . 2008-01-10 19:05 <REP> d-------- C:\Program Files\Norton Security Scan
2008-01-10 19:05 . 2008-01-10 19:05 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-01-10 19:05 . 2008-01-10 19:06 <REP> d-------- C:\Program Files\Ahead
2008-01-10 19:05 . 2001-07-06 13:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-01-10 19:05 . 2001-07-06 11:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-01-10 19:05 . 2001-07-06 17:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-01-10 19:05 . 2001-07-09 10:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-10 19:05 . 2001-06-26 07:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-01-10 19:03 . 2008-01-10 19:03 <REP> d-------- C:\Program Files\Yahoo!
2008-01-10 19:03 . 2008-01-10 19:10 <REP> d-------- C:\Program Files\Google
2008-01-10 19:03 . 2008-01-10 19:03 <REP> d-------- C:\Program Files\CCleaner
2008-01-10 19:03 . 2008-01-16 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-10 19:02 . 2008-01-10 19:02 <REP> d-------- C:\Program Files\Alwil Software
2008-01-10 19:01 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 13:10 . 2008-01-10 13:10 <REP> d-------- C:\Documents and Settings\LocalService\Menu Démarrer
2008-01-10 13:09 . 2008-01-10 13:09 <REP> d---s---- C:\WINDOWS\system32\Microsoft
2008-01-10 13:01 . 2008-01-10 13:01 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-01-10 12:59 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02123_.tmp
2008-01-10 12:58 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-10 12:56 . 2008-01-10 12:56 <REP> d-------- C:\WINDOWS\EHome
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 10:36 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-10 10:34 --------- d-----w C:\Program Files\Services en ligne
2008-01-10 10:32 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-10 19:03 68856]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-10 19:04 1836544]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-10 19:19 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 18:32 132760]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-06-30 00:54 269104]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-06-30 00:55 707376]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-10 19:03:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamSvc.exe" [2006-06-30 00:54]
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-15 20:50:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 18:05:39 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 20:14:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 20:15:57
ComboFix-quarantined-files.txt 2008-01-17 19:15:52
.
2008-01-13 20:26:36 --- E O F ---
Bonsoir! j'ai eu un peu le même problème et j'ai eu ca comme rapport :(
ComboFix 08-01-18.1 - Jessica 2008-01-17 20:39:25.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.113 [GMT 1:00]
Running from: C:\Documents and Settings\Jessica\Local Settings\Temporary Internet Files\Content.IE5\7FH1853A\ComboFix[1].exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\NPF
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-17 20:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 16:15 . 2008-01-15 16:15 <REP> d-------- C:\Documents and Settings\Jessica\chemaxon
2007-12-25 10:12 . 2008-01-18 20:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 10:12 . 2007-12-25 10:12 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 10:10 . 2007-12-25 10:10 <REP> d-------- C:\Program Files\iTunes
2007-12-25 10:10 . 2007-12-25 10:10 <REP> d-------- C:\Program Files\iPod
2007-12-25 10:09 . 2007-12-25 10:09 <REP> d-------- C:\Program Files\QuickTime
2007-12-25 10:08 . 2007-12-25 10:08 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-25 10:08 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-25 10:07 . 2007-12-25 10:07 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 10:07 . 2007-12-25 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-19 19:20 . 2008-01-18 20:47 0 --------- C:\WINDOWS\system32\eRLog.ini
2007-12-19 18:05 . 2007-12-19 18:05 268 --ah----- C:\sqmdata12.sqm
2007-12-19 18:05 . 2007-12-19 18:05 244 --ah----- C:\sqmnoopt12.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-09-10 13:09]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-09-10 13:08]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d3cde5c-db9f-11db-b366-00116700923b}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-11 07:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 20:47:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.
Completion time: 2008-01-18 20:49:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 19:49:30
.
2008-01-09 18:24:02 --- E O F ---
ComboFix 08-01-18.1 - Jessica 2008-01-17 20:39:25.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.113 [GMT 1:00]
Running from: C:\Documents and Settings\Jessica\Local Settings\Temporary Internet Files\Content.IE5\7FH1853A\ComboFix[1].exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\NPF
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-17 20:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 16:15 . 2008-01-15 16:15 <REP> d-------- C:\Documents and Settings\Jessica\chemaxon
2007-12-25 10:12 . 2008-01-18 20:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-25 10:12 . 2007-12-25 10:12 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-25 10:10 . 2007-12-25 10:10 <REP> d-------- C:\Program Files\iTunes
2007-12-25 10:10 . 2007-12-25 10:10 <REP> d-------- C:\Program Files\iPod
2007-12-25 10:09 . 2007-12-25 10:09 <REP> d-------- C:\Program Files\QuickTime
2007-12-25 10:08 . 2007-12-25 10:08 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-25 10:08 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-25 10:07 . 2007-12-25 10:07 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-25 10:07 . 2007-12-25 10:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-19 19:20 . 2008-01-18 20:47 0 --------- C:\WINDOWS\system32\eRLog.ini
2007-12-19 18:05 . 2007-12-19 18:05 268 --ah----- C:\sqmdata12.sqm
2007-12-19 18:05 . 2007-12-19 18:05 244 --ah----- C:\sqmnoopt12.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-07 20:02 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-07 19:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-07 20:03 114688]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43 688218]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 14743552 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48 143360]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28 462848]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38 352256]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
"LoadAppInit_DLLs"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 SAVOnAccessControl;SAVOnAccessControl;C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys [2007-09-10 13:09]
R1 SAVOnAccessFilter;SAVOnAccessFilter;C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys [2007-09-10 13:08]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d3cde5c-db9f-11db-b366-00116700923b}]
\Shell\AutoRun\command - F:\LaunchU3.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-11 07:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 20:47:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
.
Completion time: 2008-01-18 20:49:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 19:49:30
.
2008-01-09 18:24:02 --- E O F ---
Céline9829
Messages postés
24
Date d'inscription
vendredi 3 août 2007
Statut
Membre
Dernière intervention
18 janvier 2008
17 janv. 2008 à 21:23
17 janv. 2008 à 21:23
bonjour lovejess
je pense que tu ferais mieux de te créer un sujet, et quelqu'un prendras ton problème en charge personnellement.
winin merci pour ton aide mais je dois partir je continuerais tes conseils demain soir
merci encore
bonne soirée
à demain
je pense que tu ferais mieux de te créer un sujet, et quelqu'un prendras ton problème en charge personnellement.
winin merci pour ton aide mais je dois partir je continuerais tes conseils demain soir
merci encore
bonne soirée
à demain
voilà ce que ça donne
Au secours aidez-moi !!
Merci d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:54, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Vista\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Logitech\Video\VideoEffectsWatcher.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\services.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\17PHolmes1148.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/cas/login?service=https%3A%2F%2Fwebmail.sfr.fr%2Fwebmail%2Fj_spring_cas_security_check
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\admin\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\admin\Mes documents\Jeux\Party Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\admin\Mes documents\Jeux\Party Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: bw+0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
Au secours aidez-moi !!
Merci d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:54, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Vista\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Logitech\Video\VideoEffectsWatcher.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\services.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\17PHolmes1148.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/cas/login?service=https%3A%2F%2Fwebmail.sfr.fr%2Fwebmail%2Fj_spring_cas_security_check
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\admin\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\admin\Mes documents\Jeux\Party Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\admin\Mes documents\Jeux\Party Poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: bw+0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {22BFCE19-C5AD-46EB-9D5E-17E10BFFB535} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SolidWorks Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (file missing)
Bonjour j'ai attrapé le virus Facebook par MSN. Voici mon rapport Hijack. Pouvez-vous m'aider svp !!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:03, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TRENDnet\TEW-441PC_443PI\TRENDnet.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dllhost.exe
C:\DOCUME~1\YANNCH~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\WINDOWS\17PHolmes1148.exe
C:\WINDOWS\17PHolmes1148.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
D:\Program Files\aMSN\bin\wish.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = ?
O4 - Global Startup: 108Mbps Wireless LAN Adapte.lnk = C:\Program Files\TRENDnet\TEW-441PC_443PI\TRENDnet.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vasco55.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vasco55.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D376AD10-DC38-46E5-A368-51D3DF7B989C}: NameServer = 213.36.80.1,192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:03, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TRENDnet\TEW-441PC_443PI\TRENDnet.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\dllhost.exe
C:\DOCUME~1\YANNCH~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\17PHolmes1148.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\WINDOWS\17PHolmes1148.exe
C:\WINDOWS\17PHolmes1148.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
D:\Program Files\aMSN\bin\wish.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Fichiers communs\Acronis\Partition Suite\oss_reinstall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ENJOY Plus!.lnk = ?
O4 - Global Startup: 108Mbps Wireless LAN Adapte.lnk = C:\Program Files\TRENDnet\TEW-441PC_443PI\TRENDnet.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vasco55.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://vasco55.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D376AD10-DC38-46E5-A368-51D3DF7B989C}: NameServer = 213.36.80.1,192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
¡El Desaparecido!
Messages postés
1521
Date d'inscription
mardi 4 octobre 2011
Statut
Membre
Dernière intervention
23 octobre 2015
195
10 mai 2012 à 21:11
10 mai 2012 à 21:11
Hello vasco ,
Fais moi parvenir ces fichiers stp :
C:\DOCUME~1\YANNCH~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\17PHolmes1148.exe
ici : http://eldesaparecido.com/upload.php
Ensuite
# Télécharge MBAM et installe le.
# Lance Malwarebytes' Anti-Malware.
# Clique sur l'onglet "Mises à jours" puis sur "Rechercher des mises à jours".
# Clique sur l'onglet "Recherche", coche "éxécuter un examen rapide" puis clic sur Rechercher.
A la fin de l'analyse, si MBAM n'a rien trouvé :
# Clique sur OK, le rapport s'ouvre spontanément
Si des menaces ont été détectées :
# Clique sur OK puis "Afficher les résultats"
# Choisis l'option "Supprimer la sélection"
# Si MBAM demande le redémarrage de Windows : Clique sur "Oui"
# Une fois le PC redémarré, le rapport se trouve dans l'onglet "Rapports/Logs"
# Sinon le rapport s'ouvre automatiquement après la suppression.
Fais moi parvenir ces fichiers stp :
C:\DOCUME~1\YANNCH~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\17PHolmes1148.exe
ici : http://eldesaparecido.com/upload.php
Ensuite
# Télécharge MBAM et installe le.
# Lance Malwarebytes' Anti-Malware.
# Clique sur l'onglet "Mises à jours" puis sur "Rechercher des mises à jours".
# Clique sur l'onglet "Recherche", coche "éxécuter un examen rapide" puis clic sur Rechercher.
A la fin de l'analyse, si MBAM n'a rien trouvé :
# Clique sur OK, le rapport s'ouvre spontanément
Si des menaces ont été détectées :
# Clique sur OK puis "Afficher les résultats"
# Choisis l'option "Supprimer la sélection"
# Si MBAM demande le redémarrage de Windows : Clique sur "Oui"
# Une fois le PC redémarré, le rapport se trouve dans l'onglet "Rapports/Logs"
# Sinon le rapport s'ouvre automatiquement après la suppression.
10 mai 2012 à 20:03