Viruses everywhere on my PC

Closed
BILF - 24 Dec 2008 at 11:44
 BILF - 24 Dec 2008 at 15:44
Hello,
I am currently under attack, everything is going haywire on my PC. I ran a HijackThis scan, please help me.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:18, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

3 replies

Hi, your report is not complete, do another one.
0
Uhhh


I think I followed the method, that is, open HijackThis and select "do a system scan and save a logfiles",
which I did, and then I copied and pasted it.

I have just done it again, but it is exactly the same.

If I am doing something wrong, tell me ....
0
My mistake ....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:11, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CHIN PING PHONE PILE] C:\Documents and Settings\All Users\Application Data\Proxy Long Chin Ping\MIX EXIT.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [greatokay] C:\DOCUME~1\Olivier\APPLIC~1\WAYJOY~1\dale site locks.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
0
solaris > BILF
24 Dec 2008 at 12:01
Your report does not show any infection. What is your problem?
0
BILF > solaris
24 Dec 2008 at 12:05
Well, I have:

1) quite a few files being added all over c:/
2) my start page had changed!
3) msvbvm60.dll had disappeared, I had to download it again
4) when I run an AVG scan it hangs and stops right away


Yet I have an antivirus (AVG 2008), a firewall, though I don't turn it on often ..., and I regularly run scans with Ad-Aware


Anyway, I really think I am infected all over!
0
BILF > solaris
24 Dec 2008 at 12:06
On top of that, my Internet Explorer keeps opening this page:

http://html3.usagc.org/step1landing_fra.html?afk=AdPePMBEfra


Thanks for your help
0
^^Marie^^
24 Dec 2008 at 12:10
BILF, please do the following

Download Lop S&D.exe to your Desktop.

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)


Tutorial (help): http://bibou0007.com/outils-specifiques-f78/tuto-lop-sd-t956.htm
0
Doing it right away, I will post it in a few minutes

Thanks a lot
0
That was quicker than expected



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 12/12/05 19:01:31 Ver: 08.00.10
USER : Olivier ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:63 Go)
E:\ (Local Disk) - NTFS - Total:146 Go (Free:11 Go)
F:\ (CD or DVD)
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( mer. 24/12/2008|13:22 )

--------------------\\ Listing des dossiers dans APPLIC~1

[18/12/2008|17:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[18/12/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[01/11/2008|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[01/12/2008|22:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[16/11/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[03/11/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Locktime
[13/11/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[13/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[18/11/2008|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/11/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/12/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/12/2008|00:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[13/11/2008|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[23/12/2008|22:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
[14/12/2008|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[28/10/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/10/2008|00:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[28/10/2008|16:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[18/12/2008|17:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[18/12/2008|17:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/11/2008|18:03] C:\DOCUME~1\Olivier\APPLIC~1\Adobe
[24/12/2008|00:48] C:\DOCUME~1\Olivier\APPLIC~1\BitTorrent
[29/10/2008|00:06] C:\DOCUME~1\Olivier\APPLIC~1\Design Science
[04/12/2008|20:01] C:\DOCUME~1\Olivier\APPLIC~1\DivX
[24/12/2008|11:32] C:\DOCUME~1\Olivier\APPLIC~1\DNA
[16/11/2008|09:59] C:\DOCUME~1\Olivier\APPLIC~1\GetRight
[07/12/2008|16:54] C:\DOCUME~1\Olivier\APPLIC~1\Hamachi
[28/10/2008|16:41] C:\DOCUME~1\Olivier\APPLIC~1\Identities
[13/11/2008|13:22] C:\DOCUME~1\Olivier\APPLIC~1\InstallShield
[09/11/2008|10:37] C:\DOCUME~1\Olivier\APPLIC~1\InterTrust
[03/12/2008|19:05] C:\DOCUME~1\Olivier\APPLIC~1\LimeWire
[03/11/2008|17:35] C:\DOCUME~1\Olivier\APPLIC~1\Locktime
[13/11/2008|13:50] C:\DOCUME~1\Olivier\APPLIC~1\Logitech
[28/10/2008|18:29] C:\DOCUME~1\Olivier\APPLIC~1\Macromedia
[18/11/2008|15:16] C:\DOCUME~1\Olivier\APPLIC~1\Malwarebytes
[29/10/2008|14:05] C:\DOCUME~1\Olivier\APPLIC~1\Media Player Classic
[18/12/2008|17:33] C:\DOCUME~1\Olivier\APPLIC~1\Microsoft
[28/10/2008|19:26] C:\DOCUME~1\Olivier\APPLIC~1\Mozilla
[15/11/2008|17:48] C:\DOCUME~1\Olivier\APPLIC~1\SecuROM
[21/11/2008|20:28] C:\DOCUME~1\Olivier\APPLIC~1\Steinberg
[03/11/2008|16:14] C:\DOCUME~1\Olivier\APPLIC~1\Sun
[18/12/2008|18:39] C:\DOCUME~1\Olivier\APPLIC~1\Uniblue
[23/12/2008|22:16] C:\DOCUME~1\Olivier\APPLIC~1\Way Joy Funk
[13/11/2008|14:39] C:\DOCUME~1\Olivier\APPLIC~1\Winamp

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[24/12/2008 13:00][--ah-----] C:\WINDOWS\tasks\B40B10179C7C89F3.job
[24/12/2008 11:34][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( B40B10179C7C89F3.job )=( c:\docume~1\olivier\applic~1\wayjoy~1\globalblah4.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[09/11/2008|10:37] C:\Program Files\Adobe
[30/10/2008|16:44] C:\Program Files\Ahead
[13/11/2008|13:39] C:\Program Files\ASUS
[18/12/2008|17:35] C:\Program Files\AVG
[03/11/2008|20:28] C:\Program Files\BitTorrent
[16/11/2008|10:04] C:\Program Files\CCleaner
[02/12/2008|16:12] C:\Program Files\Codemasters
[28/10/2008|16:32] C:\Program Files\ComPlus Applications
[28/10/2008|16:51] C:\Program Files\DAEMON Tools
[04/12/2008|19:55] C:\Program Files\DivX
[18/12/2008|17:23] C:\Program Files\DivX ThE LaUncHeR
[22/12/2008|12:22] C:\Program Files\DNA
[01/12/2008|22:15] C:\Program Files\DVD Shrink
[19/12/2008|09:15] C:\Program Files\eMule
[18/12/2008|18:31] C:\Program Files\ESET
[21/12/2008|12:16] C:\Program Files\Fichiers communs
[13/11/2008|14:34] C:\Program Files\Futuremark
[28/10/2008|23:11] C:\Program Files\Gadwin Systems
[22/12/2008|15:02] C:\Program Files\GameSpy Arcade
[16/11/2008|09:59] C:\Program Files\GetRight
[01/12/2008|22:45] C:\Program Files\Hamachi
[28/10/2008|15:03] C:\Program Files\ING
[02/12/2008|16:12] C:\Program Files\InstallShield Installation Information
[13/11/2008|13:48] C:\Program Files\Intel
[11/12/2008|00:12] C:\Program Files\Internet Explorer
[03/12/2008|11:16] C:\Program Files\Java
[28/10/2008|23:59] C:\Program Files\K-Lite Codec Pack
[16/11/2008|09:28] C:\Program Files\Lavasoft
[13/11/2008|13:17] C:\Program Files\ma-config.com
[16/11/2008|10:16] C:\Program Files\MagicISO
[24/12/2008|12:14] C:\Program Files\Malwarebytes' Anti-Malware
[28/10/2008|23:19] C:\Program Files\Marvell
[29/10/2008|00:06] C:\Program Files\MathType
[04/11/2008|14:15] C:\Program Files\Messenger
[03/11/2008|17:23] C:\Program Files\Messenger Plus! Live
[29/11/2008|19:33] C:\Program Files\Microprose
[28/10/2008|16:36] C:\Program Files\microsoft frontpage
[18/12/2008|16:22] C:\Program Files\Microsoft Games
[28/10/2008|23:42] C:\Program Files\Microsoft Office
[28/10/2008|23:42] C:\Program Files\Microsoft Visual Studio
[28/10/2008|23:43] C:\Program Files\Microsoft Works
[04/11/2008|13:47] C:\Program Files\Movie Maker
[24/12/2008|13:20] C:\Program Files\Mozilla Firefox
[28/10/2008|23:42] C:\Program Files\MSBuild
[28/10/2008|16:31] C:\Program Files\MSN
[28/10/2008|16:32] C:\Program Files\MSN Gaming Zone
[05/11/2008|18:51] C:\Program Files\NetLimiter 2 Pro
[04/11/2008|13:43] C:\Program Files\NetMeeting
[29/10/2008|00:20] C:\Program Files\No-IP
[09/11/2008|10:36] C:\Program Files\NVIDIA Corporation
[28/10/2008|16:32] C:\Program Files\Online Services
[04/11/2008|13:43] C:\Program Files\Outlook Express
[13/11/2008|13:27] C:\Program Files\Realtek
[13/11/2008|21:46] C:\Program Files\Serious Sam 2
[28/10/2008|16:34] C:\Program Files\Services en ligne
[21/12/2008|05:04] C:\Program Files\Steam
[21/11/2008|20:27] C:\Program Files\Steinberg
[18/12/2008|18:51] C:\Program Files\SuperCopier2
[24/12/2008|10:43] C:\Program Files\Trend Micro
[15/11/2008|17:36] C:\Program Files\Ubisoft
[28/10/2008|16:41] C:\Program Files\Uninstall Information
[29/10/2008|00:19] C:\Program Files\Veoh Networks
[13/11/2008|13:27] C:\Program Files\vtplus
[23/12/2008|22:15] C:\Program Files\Way Joy Funk
[13/11/2008|14:33] C:\Program Files\Winamp
[21/12/2008|12:23] C:\Program Files\Windows Live
[28/10/2008|19:35] C:\Program Files\Windows Media Connect 2
[04/11/2008|13:43] C:\Program Files\Windows Media Player
[04/11/2008|13:43] C:\Program Files\Windows NT
[28/10/2008|16:34] C:\Program Files\WindowsUpdate
[28/10/2008|16:46] C:\Program Files\WinRAR
[13/11/2008|13:27] C:\Program Files\WinTV
[28/10/2008|16:36] C:\Program Files\xerox
[03/11/2008|21:33] C:\Program Files\X'nStop 2.5

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[09/11/2008|18:03] C:\Program Files\Fichiers communs\Adobe
[30/10/2008|16:44] C:\Program Files\Fichiers communs\Ahead
[28/10/2008|23:42] C:\Program Files\Fichiers communs\DESIGNER
[18/12/2008|15:58] C:\Program Files\Fichiers communs\InstallShield
[17/11/2008|11:23] C:\Program Files\Fichiers communs\Logishrd
[13/11/2008|13:50] C:\Program Files\Fichiers communs\Microsoft Shared
[28/10/2008|16:33] C:\Program Files\Fichiers communs\MSSoap
[28/10/2008|17:23] C:\Program Files\Fichiers communs\ODBC
[28/10/2008|16:33] C:\Program Files\Fichiers communs\Services
[28/10/2008|17:23] C:\Program Files\Fichiers communs\SpeechEngines
[04/11/2008|13:43] C:\Program Files\Fichiers communs\System
[21/12/2008|12:16] C:\Program Files\Fichiers communs\Windows Live
[29/10/2008|00:13] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[16/11/2008|09:27] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 35 Processes )

IEXPLORE.EXE ~ [PID:4024]
IEXPLORE.EXE ~ [PID:252]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\Olivier\LOCALS~1\Temp\bis643.exe
C:\DOCUME~1\Olivier\APPLIC~1\WAYJOY~1
C:\DOCUME~1\Olivier\APPLIC~1\WAYJOY~1\dale site locks.exe
C:\DOCUME~1\Olivier\APPLIC~1\WAYJOY~1\globalblah4.exe
C:\DOCUME~1\Olivier\APPLIC~1\WAYJOY~1\kqzxyddt.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Proxy Long Chin Ping\MIX EXIT.exe
C:\DOCUME~1\Olivier\APPLIC~1\wayjoy~1
C:\DOCUME~1\Olivier\APPLIC~1\wayjoy~1\dale site locks.exe
C:\DOCUME~1\Olivier\APPLIC~1\wayjoy~1\globalblah4.exe
C:\DOCUME~1\Olivier\APPLIC~1\wayjoy~1\kqzxyddt.exe
C:\Program Files\wayjoy~1
C:\DOCUME~1\Olivier\LOCALS~1\Temp\DivoCodec.zip
C:\DOCUME~1\Olivier\LOCALS~1\Temp\codec_dv.bmp
C:\DOCUME~1\Olivier\LOCALS~1\Temp\DivoCodec.zip
C:\DOCUME~1\Olivier\LOCALS~1\Temp\nsiF3.tmp
C:\DOCUME~1\Olivier\Cookies\olivier@www.adserver5[1].txt
C:\DOCUME~1\Olivier\Cookies\olivier@adopt.euroclick[1].txt
C:\DOCUME~1\Olivier\Cookies\olivier@adopt.euroclick[3].txt
C:\DOCUME~1\Olivier\Cookies\olivier@partypoker[1].txt
C:\WINDOWS\Tasks\B40B10179C7C89F3.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\idol the one]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Olivier\\APPLIC~1\\WAYJOY~1\\dale site locks.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"greatokay"="C:\\DOCUME~1\\Olivier\\APPLIC~1\\WAYJOY~1\\dale site locks.exe"
"greatokay"="C:\\DOCUME~1\\Olivier\\APPLIC~1\\WAYJOY~1\\dale site locks.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 13:23:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:186][D:23]-> C:\DOCUME~1\Olivier\LOCALS~1\Temp
[F:81][D:0]-> C:\DOCUME~1\Olivier\Cookies
[F:932][D:4]-> C:\DOCUME~1\Olivier\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - mer. 24/12/2008|13:24 - Option : [1]

--------------------\\ Fin du rapport a 13:24:56

Thanks for your help
0
^^Marie^^
24 Dec 2008 at 14:34
Hi again

Run Lop S&D again


* This time choose Option 2 (Removal)

* Do not close the window during the removal!

* Post the generated report (C:\lopR.txt)

= 1 HijackThis log


0
Lop S&D log:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 12/12/05 19:01:31 Ver: 08.00.10
USER : Olivier ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:63 Go)
E:\ (Local Disk) - NTFS - Total:146 Go (Free:11 Go)
F:\ (CD or DVD)
H:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( mer. 24/12/2008|15:39 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Olivier\Cookies\olivier@www.adserver5[1].txt
Supprime! - C:\DOCUME~1\Olivier\Cookies\olivier@adopt.euroclick[1].txt
Supprime! - C:\DOCUME~1\Olivier\Cookies\olivier@adopt.euroclick[3].txt
Supprime! - C:\DOCUME~1\Olivier\Cookies\olivier@partypoker[1].txt
Supprime! - C:\WINDOWS\Tasks\B40B10179C7C89F3.job
Supprime! - C:\Program Files\wayjoy~1

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[18/12/2008|17:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[18/12/2008|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[01/11/2008|10:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[01/12/2008|22:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[16/11/2008|09:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[03/11/2008|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Locktime
[13/11/2008|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[13/11/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[18/11/2008|15:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[03/11/2008|20:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/12/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/12/2008|00:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[13/11/2008|13:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[14/12/2008|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[28/10/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/10/2008|00:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[28/10/2008|16:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[18/12/2008|17:33] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[18/12/2008|17:33] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[09/11/2008|18:03] C:\DOCUME~1\Olivier\APPLIC~1\Adobe
[24/12/2008|15:38] C:\DOCUME~1\Olivier\APPLIC~1\BitTorrent
[29/10/2008|00:06] C:\DOCUME~1\Olivier\APPLIC~1\Design Science
[04/12/2008|20:01] C:\DOCUME~1\Olivier\APPLIC~1\DivX
[24/12/2008|15:30] C:\DOCUME~1\Olivier\APPLIC~1\DNA
[16/11/2008|09:59] C:\DOCUME~1\Olivier\APPLIC~1\GetRight
[07/12/2008|16:54] C:\DOCUME~1\Olivier\APPLIC~1\Hamachi
[28/10/2008|16:41] C:\DOCUME~1\Olivier\APPLIC~1\Identities
[13/11/2008|13:22] C:\DOCUME~1\Olivier\APPLIC~1\InstallShield
[09/11/2008|10:37] C:\DOCUME~1\Olivier\APPLIC~1\InterTrust
[03/12/2008|19:05] C:\DOCUME~1\Olivier\APPLIC~1\LimeWire
[03/11/2008|17:35] C:\DOCUME~1\Olivier\APPLIC~1\Locktime
[13/11/2008|13:50] C:\DOCUME~1\Olivier\APPLIC~1\Logitech
[28/10/2008|18:29] C:\DOCUME~1\Olivier\APPLIC~1\Macromedia
[18/11/2008|15:16] C:\DOCUME~1\Olivier\APPLIC~1\Malwarebytes
[29/10/2008|14:05] C:\DOCUME~1\Olivier\APPLIC~1\Media Player Classic
[18/12/2008|17:33] C:\DOCUME~1\Olivier\APPLIC~1\Microsoft
[28/10/2008|19:26] C:\DOCUME~1\Olivier\APPLIC~1\Mozilla
[15/11/2008|17:48] C:\DOCUME~1\Olivier\APPLIC~1\SecuROM
[21/11/2008|20:28] C:\DOCUME~1\Olivier\APPLIC~1\Steinberg
[03/11/2008|16:14] C:\DOCUME~1\Olivier\APPLIC~1\Sun
[18/12/2008|18:39] C:\DOCUME~1\Olivier\APPLIC~1\Uniblue
[24/12/2008|13:51] C:\DOCUME~1\Olivier\APPLIC~1\Way Joy Funk
[13/11/2008|14:39] C:\DOCUME~1\Olivier\APPLIC~1\Winamp

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[24/12/2008 13:28][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[09/11/2008|10:37] C:\Program Files\Adobe
[30/10/2008|16:44] C:\Program Files\Ahead
[13/11/2008|13:39] C:\Program Files\ASUS
[18/12/2008|17:35] C:\Program Files\AVG
[03/11/2008|20:28] C:\Program Files\BitTorrent
[16/11/2008|10:04] C:\Program Files\CCleaner
[02/12/2008|16:12] C:\Program Files\Codemasters
[28/10/2008|16:32] C:\Program Files\ComPlus Applications
[28/10/2008|16:51] C:\Program Files\DAEMON Tools
[04/12/2008|19:55] C:\Program Files\DivX
[18/12/2008|17:23] C:\Program Files\DivX ThE LaUncHeR
[24/12/2008|13:29] C:\Program Files\DNA
[01/12/2008|22:15] C:\Program Files\DVD Shrink
[19/12/2008|09:15] C:\Program Files\eMule
[18/12/2008|18:31] C:\Program Files\ESET
[21/12/2008|12:16] C:\Program Files\Fichiers communs
[13/11/2008|14:34] C:\Program Files\Futuremark
[28/10/2008|23:11] C:\Program Files\Gadwin Systems
[22/12/2008|15:02] C:\Program Files\GameSpy Arcade
[16/11/2008|09:59] C:\Program Files\GetRight
[01/12/2008|22:45] C:\Program Files\Hamachi
[28/10/2008|15:03] C:\Program Files\ING
[02/12/2008|16:12] C:\Program Files\InstallShield Installation Information
[13/11/2008|13:48] C:\Program Files\Intel
[11/12/2008|00:12] C:\Program Files\Internet Explorer
[03/12/2008|11:16] C:\Program Files\Java
[28/10/2008|23:59] C:\Program Files\K-Lite Codec Pack
[16/11/2008|09:28] C:\Program Files\Lavasoft
[13/11/2008|13:17] C:\Program Files\ma-config.com
[16/11/2008|10:16] C:\Program Files\MagicISO
[24/12/2008|12:14] C:\Program Files\Malwarebytes' Anti-Malware
[28/10/2008|23:19] C:\Program Files\Marvell
[29/10/2008|00:06] C:\Program Files\MathType
[04/11/2008|14:15] C:\Program Files\Messenger
[03/11/2008|17:23] C:\Program Files\Messenger Plus! Live
[29/11/2008|19:33] C:\Program Files\Microprose
[28/10/2008|16:36] C:\Program Files\microsoft frontpage
[18/12/2008|16:22] C:\Program Files\Microsoft Games
[28/10/2008|23:42] C:\Program Files\Microsoft Office
[28/10/2008|23:42] C:\Program Files\Microsoft Visual Studio
[28/10/2008|23:43] C:\Program Files\Microsoft Works
[04/11/2008|13:47] C:\Program Files\Movie Maker
[24/12/2008|15:38] C:\Program Files\Mozilla Firefox
[28/10/2008|23:42] C:\Program Files\MSBuild
[28/10/2008|16:31] C:\Program Files\MSN
[28/10/2008|16:32] C:\Program Files\MSN Gaming Zone
[05/11/2008|18:51] C:\Program Files\NetLimiter 2 Pro
[04/11/2008|13:43] C:\Program Files\NetMeeting
[29/10/2008|00:20] C:\Program Files\No-IP
[09/11/2008|10:36] C:\Program Files\NVIDIA Corporation
[28/10/2008|16:32] C:\Program Files\Online Services
[04/11/2008|13:43] C:\Program Files\Outlook Express
[13/11/2008|13:27] C:\Program Files\Realtek
[13/11/2008|21:46] C:\Program Files\Serious Sam 2
[28/10/2008|16:34] C:\Program Files\Services en ligne
[24/12/2008|13:30] C:\Program Files\Steam
[21/11/2008|20:27] C:\Program Files\Steinberg
[18/12/2008|18:51] C:\Program Files\SuperCopier2
[24/12/2008|10:43] C:\Program Files\Trend Micro
[15/11/2008|17:36] C:\Program Files\Ubisoft
[28/10/2008|16:41] C:\Program Files\Uninstall Information
[29/10/2008|00:19] C:\Program Files\Veoh Networks
[13/11/2008|13:27] C:\Program Files\vtplus
[13/11/2008|14:33] C:\Program Files\Winamp
[21/12/2008|12:23] C:\Program Files\Windows Live
[28/10/2008|19:35] C:\Program Files\Windows Media Connect 2
[04/11/2008|13:43] C:\Program Files\Windows Media Player
[04/11/2008|13:43] C:\Program Files\Windows NT
[28/10/2008|16:34] C:\Program Files\WindowsUpdate
[28/10/2008|16:46] C:\Program Files\WinRAR
[13/11/2008|13:27] C:\Program Files\WinTV
[28/10/2008|16:36] C:\Program Files\xerox
[03/11/2008|21:33] C:\Program Files\X'nStop 2.5

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[09/11/2008|18:03] C:\Program Files\Fichiers communs\Adobe
[30/10/2008|16:44] C:\Program Files\Fichiers communs\Ahead
[28/10/2008|23:42] C:\Program Files\Fichiers communs\DESIGNER
[18/12/2008|15:58] C:\Program Files\Fichiers communs\InstallShield
[17/11/2008|11:23] C:\Program Files\Fichiers communs\Logishrd
[13/11/2008|13:50] C:\Program Files\Fichiers communs\Microsoft Shared
[28/10/2008|16:33] C:\Program Files\Fichiers communs\MSSoap
[28/10/2008|17:23] C:\Program Files\Fichiers communs\ODBC
[28/10/2008|16:33] C:\Program Files\Fichiers communs\Services
[28/10/2008|17:23] C:\Program Files\Fichiers communs\SpeechEngines
[04/11/2008|13:43] C:\Program Files\Fichiers communs\System
[21/12/2008|12:16] C:\Program Files\Fichiers communs\Windows Live
[29/10/2008|00:13] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[16/11/2008|09:27] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 48 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Olivier\APPLIC~1\wayjoy~1

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 15:40:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:15][D:1]-> C:\DOCUME~1\Olivier\LOCALS~1\Temp
[F:77][D:0]-> C:\DOCUME~1\Olivier\Cookies
[F:977][D:4]-> C:\DOCUME~1\Olivier\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - mer. 24/12/2008|13:24 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - mer. 24/12/2008|13:45 - Option : [1]
3 - "C:\Lop SD\LopR_3.txt" - mer. 24/12/2008|15:42 - Option : [2]

--------------------\\ Fin du rapport a 15:42:19

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:15, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\No-IP\DUC20.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\No-IP\DUC20.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)