Aide pour Interpretation hijackthis

Ross-D Messages postés 82 Statut Membre -
Ross-D Messages postés 82 Statut Membre - 15 avr. 2009 à 09:03

Bonjour,

Plusieurs programmes , page web ne répondent plus au bout d'un moment .
Pour les fermer , je recours tout le temps au gestionniare des taches
J'ai donc pensé qu'il serait utilede faire un hijackthis , pouvez vous, svp, me l'interpreter .

Par avance merci .

Logfile of HijackThis v1.99.1
Scan saved at 09:58:53, on 10/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\Rym\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [NetAppel] "C:\Program Files\NetAppel\NetAppel.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Afficher la suite

A voir également:

Aide pour Interpretation hijackthis
Hijackthis - Télécharger - Antivirus & Antimalwares
Hijackthis log besoin d'aide svp ✓ - Forum Virus
Aide pour fixer des logs sous hijackthis - Forum Virus
Rapport Hijackthis ✓ - Forum Virus
Entraide Hijackthis ✓ - Forum Virus

94 réponses

Réponse 21 / 94

Ross-D Messages postés 82 Statut Membre 2

Bonsoir,

Voici le rapport ComboFix :

ComboFix 09-03-12.01 - Rym 2009-03-13 19:55:29.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.478.204 [GMT 1:00]
Lancé depuis: c:\documents and settings\Rym\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090312-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rym\err.log

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-13 au 2009-03-13 ))))))))))))))))))))))))))))))))))))
.

2009-03-12 16:02 . 2009-03-12 16:02 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-03-11 21:20 . 2009-03-11 21:20 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-11 21:19 . 2009-03-11 21:19 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-11 21:19 . 2009-03-11 21:19 <REP> d-------- c:\documents and settings\Rym\Application Data\SUPERAntiSpyware.com
2009-03-11 21:18 . 2009-03-11 21:18 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-10 23:43 . 2009-03-10 23:43 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-10 23:43 . 2009-03-10 23:43 <REP> d-------- c:\documents and settings\Rym\Application Data\Malwarebytes
2009-03-10 23:43 . 2009-03-10 23:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-10 23:43 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-10 23:43 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-10 06:57 . 2009-03-10 06:57 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-10 06:57 . 2009-03-10 06:57 1,409 --a------ c:\windows\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 18:48 39,570 ----a-w c:\documents and settings\Rym\Application Data\wklnhst.dat
2009-03-09 23:08 --------- d-----w c:\documents and settings\Rym\Application Data\dvdcss
2009-02-18 01:56 --------- d-----w c:\program files\Google
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-01-24 20:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2006-06-07 13:37 79,808 -c--a-w c:\documents and settings\Rym\Application Data\GDIPFONTCACHEV1.DAT
2008-09-21 16:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092120080922\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-13 67128]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-03-06 603016]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-13 229438]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-08 286720]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-29 98304]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Lexmark X5100 Series"="c:\program files\Lexmark X5100 Series\lxbabmgr.exe" [2003-03-04 86099]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-12-05 26112]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-13 67128]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-30 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-03-30 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-02-29 39048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1beec4f0-b3a9-11dc-8693-00c09f83ec73}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\desktop.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4072262c-74da-11dc-85ce-00c09f83ec73}]
\Shell\AutoRun\command - U:\p3r1ud.exe
\Shell\explore\Command - U:\p3r1ud.exe
\Shell\open\Command - U:\p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{49b5b64e-6298-11dc-859a-00c09f83ec73}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53d3466c-d3d3-11dc-86e5-00c09f83ec73}]
\Shell\AutoRun\command - F:\p3r1ud.exe
\Shell\explore\Command - F:\p3r1ud.exe
\Shell\open\Command - F:\p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae2b56ac-ac7a-11db-83e0-00c09f83ec73}]
\Shell\Auto\command - E:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae2b56ad-ac7a-11db-83e0-00c09f83ec73}]
\Shell\Auto\command - E:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00993cf-ad4a-11db-83e3-00c09f83ec73}]
\Shell\Auto\command - E:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f00993d0-ad4a-11db-83e3-00c09f83ec73}]
\Shell\Auto\command - E:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-13 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
HKCU-Run-NetAppel - c:\program files\NetAppel\NetAppel.exe
HKCU-Run-Windows Registry Repair Pro - c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.yahoo.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} - hxxp://minitelweb.minitel.com/imin_data/ocx/MDM.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-13 19:57:37
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?3?9?8??????? ???B?????????????H<C? ??????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2009-03-13 19:59:58
ComboFix-quarantined-files.txt 2009-03-13 18:59:38

Avant-CF: 1,494,564,864 octets libres
Après-CF: 1,791,377,408 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

184 --- E O F --- 2009-03-11 02:02:54

Et le rapport Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 20:38, on 13/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\Rym\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Réponse 22 / 94

Ross-D Messages postés 82 Statut Membre 2

Pimprenelle,

Depuis ce matin, lorsque je tente de me connecter à mes 2 boites mail yahoo et gmail ,ce message s'affiche à chanque fois :

"La connexion que vous allez utiliser n’est pas sécurisée , d’autres utilisateurs pouront dorénavant accéder aux informations que vous envoyez .
Voulez cous continuez ? oui ou non . "

Je ne peux donc pas acceder à ma boite puisque si je clique non , rien ne s'affiche et si je clique sur oui cela supposerait que d'autres personnes peuvent pirater mes boites mail !

Que faire, stp et quand est il du dernier scane ?

Merci par avance .

Réponse 23 / 94

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Tu parle de connecté à tes 2 boîtes mail sur Internet?

As tu mis une clef WEP et WAP pour ta connexion si tu es en wifi?

Ensuite fais ceci :

Télécharger RemoveIT Pro

Fais un scan et poste moi le rapport.

Réponse 24 / 94

Ross-D Messages postés 82 Statut Membre 2

Tu parle de connecté à tes 2 boîtes mail sur Internet?

Oui , il s'agit bien de ma connexion par internet à mes boites mail , yahoo et gmail .
Au début le même message apparaissait lorsque je me conncetai à plusiuers sites dont CCM , mais le message n'apparait plus maintenant contrairement à ma connexuion à mes boites mail .

As tu mis une clef WEP et WAP pour ta connexion si tu es en wifi?

Oui j'ai mis un code sécurisé . J'ai une clef wpa .

Résultat du scane

infected with win32 Winknown Random X
infected with sys 32 eabhbrn8
infected with sys 32 bwunin -8.1.1.50 -8876480sl
infected with sys 32 nircmd

Je clique sur Fix ? c'est ce qui m'a été recommandé .

Merci .

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 94

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

oui

Réponse 26 / 94

Ross-D Messages postés 82 Statut Membre 2

le rapport n'a pas pu être envoyé selon un message .

J'ai refais un scane est appremment le scane indique que "The computer is clean "

Réponse 27 / 94

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

ok un nouvel hiajckthis.

Réponse 28 / 94

Ross-D Messages postés 82 Statut Membre 2

Bonjour pimprenelle,

Voici le rapport Hijakhthis:

Logfile of HijackThis v1.99.1
Scan saved at 08:04, on 15/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Rym\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - C:\WINDOWS\system32\IcdSptSv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Réponse 29 / 94

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

tu peux me refaire Malware et SAS merci.

Réponse 30 / 94

Ross-D Messages postés 82 Statut Membre 2

Merci Pimprenelle.

Je ne sais si cela pourrait t'avancer . Mais ce matin, en voulant visionner une musique sur youtube ou dailymotion, l'ordinateur s'est éteint d'un coup . Après l'avoir redémarré , je n'ai pas retrouvé les fenêtres internet et word qui étaient ouvertes .

Et pour ce qui est de ma connexion à mes boites mail , j'ai toujours le même message qui m'indique que la conexion n'est pas sécurisée, même en me connectant à internet par cable ethernet .

Voici le rapport SAS:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 03/15/2009 at 03:47 PM

Application Version : 4.25.1014

Core Rules Database Version : 3791
Trace Rules Database Version: 1747

Scan type : Complete Scan
Total Scan Time : 00:49:05

Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 6638
Registry threats detected : 0
File items scanned : 23526
File threats detected : 19

Adware.Tracking Cookie
C:\Documents and Settings\Rym\Cookies\rym@adrevolver[1].txt
C:\Documents and Settings\Rym\Cookies\rym@doubleclick[2].txt
C:\Documents and Settings\Rym\Cookies\rym@smartadserver[2].txt
C:\Documents and Settings\Rym\Cookies\rym@tradedoubler[2].txt
C:\Documents and Settings\Rym\Cookies\rym@bs.serving-sys[1].txt
C:\Documents and Settings\Rym\Cookies\rym@serving-sys[2].txt
C:\Documents and Settings\Rym\Cookies\rym@mediaplex[2].txt
C:\Documents and Settings\Rym\Cookies\rym@weborama[1].txt
C:\Documents and Settings\Rym\Cookies\rym@adopt.euroclick[2].txt
C:\Documents and Settings\Rym\Cookies\rym@intermarche2009.solution.weborama[2].txt
C:\Documents and Settings\Rym\Cookies\rym@ad.yieldmanager[1].txt
C:\Documents and Settings\Rym\Cookies\rym@xiti[1].txt
C:\Documents and Settings\Rym\Cookies\rym@cetelem.solution.weborama[2].txt
C:\Documents and Settings\Rym\Cookies\rym@247realmedia[2].txt
C:\Documents and Settings\Rym\Cookies\rym@tracking.lsfinteractive[1].txt
C:\Documents and Settings\Rym\Cookies\rym@adviva[1].txt
C:\Documents and Settings\Rym\Cookies\rym@media.adrevolver[1].txt
C:\Documents and Settings\Rym\Cookies\rym@specificclick[1].txt
C:\Documents and Settings\Rym\Cookies\rym@dynamic.media.adrevolver[1].txt

Rapport Malware:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1832
Windows 5.1.2600 Service Pack 3

15/03/2009 17:03:28
mbam-log-2009-03-15 (17-03-28).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 130657
Temps écoulé: 40 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 31 / 94

pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 502

Télécharge Trojan-Remover sur ton bureau

Lance l'installation, pour cela, regarde bien le Tuto

Ensuite poste le rapport obetenu + un nouvel hijackthis.

Réponse 32 / 94

Ross-D Messages postés 82 Statut Membre 2

Pimprenelle, Je ne parviens pas à envoyer mon message ! Peut être parce qu'il est trop long ! je le fractionne alors . Merci .

Sur le tutoriel du premier démarrage du torjan , il est indiqué dans la deuxième capture d’image que seule la case incermentale database update 6575 6KB est cochée . En suivant ces instruction en en décocahnt la 1 ère case à partir du haut qui est Program update 6. 7 . 6 (5021) KB , le scane n’a pu être effectué .

Voilà ce que j’ai eu comme message :
« Program update required

you are curently used trojan removed 6.7.5 . this version innot compatible with the laest data base update .

You need to update the program6.7.6 or higher .

You can do the either by clinking on the update button on the main menubar ( ensure you are connected to the net ) or by manually downloading and installing the programme update available from the update page : simplyset.com

Abort.”

J’ai donc recoché la première case ( je ne sais si j’ai bien fait ou pas ) le scane a pu être effectué .

Voici le rapport :

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.6.2566. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:36:48 15 mars 2009
Using Database v7301
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Rym\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Rym\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************

Réponse 33 / 94

Ross-D Messages postés 82 Statut Membre 2

************************************************************
18:36:48: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
18:36:48: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 29/05/2006 23:54
Modified: 05/08/2004 13:00
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 29/05/2006 23:54
Modified: 05/08/2004 13:00
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 29/05/2006 23:54
Modified: 05/08/2004 13:00
Company: Microsoft Corporation
--------------------
Value Name: SynTPLpr
Value Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
98394 bytes
Created: 29/05/2006 22:26
Modified: 05/10/2004 17:25
Company: Synaptics, Inc.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
688218 bytes
Created: 29/05/2006 22:26
Modified: 05/10/2004 17:24
Company: Synaptics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 29/05/2006 22:27
Modified: 17/06/2004 21:48
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes

Réponse 34 / 94

Ross-D Messages postés 82 Statut Membre 2

Réponse 35 / 94

Ross-D Messages postés 82 Statut Membre 2

Value Data: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
C:\Program Files\Logitech\Video\ManifestEngine.exe
196608 bytes
Created: 25/06/2006 17:25
Modified: 08/06/2005 13:44
Company: Logitech Inc.
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1695232 bytes
Created: 29/05/2006 22:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 28/07/2007 21:30
Modified: 28/07/2007 21:30
Company: Google Inc.
--------------------
Value Name: ccleaner
Value Data: "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
C:\Program Files\CCleaner\ccleaner.exe
603016 bytes
Created: 06/03/2007 12:51
Modified: 06/03/2007 12:51
Company: Piriform Ltd
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43
Company: SUPERAntiSpyware.com
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
18:36:54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 13/05/2008 09:13
Modified: 13/05/2008 09:13
Company: SuperAdBlocker.com
----------

************************************************************
18:36:54: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:36:55: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
18:36:55: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006 10:03
Modified: 03/11/2006 10:03
Company: [no info]
----------

************************************************************
18:36:56: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 29/05/2006 22:02
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
18:36:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004 00:49
Modified: 15/07/2004 00:49
Company: Microsoft Corporation
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 30/03/2008 21:01
Modified: 05/02/2009 22:07
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:01
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:08
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

Réponse 36 / 94

Ross-D Messages postés 82 Statut Membre 2

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:08
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:06
Company: ALWIL Software
----------
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
-R- 292864 bytes
Created: 29/05/2006 22:17
Modified: 14/10/2004 15:52
Company: Conexant Systems Inc.
----------
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
-R- 276480 bytes
Created: 29/05/2006 22:17
Modified: 14/10/2004 15:53
Company: Conexant Systems Inc.
----------
Key: catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key: ComFiltr
ImagePath: \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
C:\WINDOWS\system32\DRIVERS\COMFiltr.sys - [file not found to scan]
----------
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
C:\WINDOWS\system32\drivers\EABFiltr.sys
7432 bytes
Created: 29/05/2006 22:40
Modified: 14/04/2004 07:36
Company: Hewlett-Packard Company
----------
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
5220 bytes
Created: 29/05/2006 22:40
Modified: 06/06/2003 11:46
Company: Hewlett-Packard Company
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
137200 bytes
Created: 27/01/2007 15:16
Modified: 18/02/2009 02:56
Company: Google
----------
Key: hpqwmi
ImagePath: C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
98304 bytes
Created: 29/05/2006 22:40
Modified: 27/07/2004 14:25
Company: Hewlett-Packard Development Company, L.P.
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 51120 bytes
Created: 09/11/2007 12:56
Modified: 08/03/2005 05:43
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16496 bytes
Created: 09/11/2007 12:56
Modified: 08/03/2005 05:43
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 21744 bytes
Created: 09/11/2007 12:55
Modified: 08/03/2005 05:43
Company: HP
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
200064 bytes
Created: 29/05/2006 22:19
Modified: 10/06/2004 16:00
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
708989 bytes
Created: 29/05/2006 22:27
Modified: 17/06/2004 22:12
Company: Intel Corporation
----------
Key: ICDSPTSV
ImagePath: C:\WINDOWS\system32\IcdSptSv.exe
C:\WINDOWS\system32\IcdSptSv.exe - [file not found to scan]
----------
Key: ICDUSB2
ImagePath: System32\Drivers\ICDUSB2.sys
C:\WINDOWS\System32\Drivers\ICDUSB2.sys
39048 bytes
Created: 29/02/2008 16:45
Modified: 28/11/2002 21:23
Company: Sony Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005 01:06
Modified: 14/11/2005 01:06
Company: Macrovision Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
Key: iPodService
ImagePath: C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iPod\bin\iPodService.exe
401408 bytes
Created: 08/06/2004 12:31
Modified: 08/06/2004 12:31
Company: Apple Computer, Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 28/02/2003 07:28
Modified: 28/02/2003 07:28
Company: Lexmark International, Inc.
----------
Key: LVUSBSta
ImagePath: system32\drivers\lvusbsta.sys
C:\WINDOWS\system32\drivers\lvusbsta.sys
-R- 22016 bytes
Created: 25/06/2006 17:30
Modified: 27/05/2005 10:31
Company: Logitech Inc.
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 22:25
Modified: 19/06/2003 22:25
Company: Microsoft Corporation
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 02/11/2006 11:51
Modified: 22/11/2004 16:36
Company: Motive, Inc.
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 19:28
Modified: 28/07/2003 19:28
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS - [file not found to scan]
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
17162 bytes
Created: 02/11/2006 11:52
Modified: 22/10/2003 09:54
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: QCMerced
ImagePath: system32\DRIVERS\LVCM.sys
C:\WINDOWS\system32\DRIVERS\LVCM.sys
-R- 1317152 bytes
Created: 25/06/2006 17:30
Modified: 27/05/2005 10:32
Company: Logitech Inc.
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtlnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
69760 bytes
Created: 29/05/2006 22:23
Modified: 28/06/2004 11:35
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43

Réponse 37 / 94

Ross-D Messages postés 82 Statut Membre 2

Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SONYPVU1
ImagePath: system32\DRIVERS\SONYPVU1.SYS
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
7552 bytes
Created: 19/03/2007 09:58
Modified: 17/08/2001 21:56
Company: Sony Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{61DB4C25-3D8F-4968-A554-BDF56D22E8D0}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
185824 bytes
Created: 29/05/2006 22:26
Modified: 05/10/2004 17:17
Company: Synaptics, Inc.
----------
Key: tifm21
ImagePath: system32\drivers\tifm21.sys
C:\WINDOWS\system32\drivers\tifm21.sys
85504 bytes
Created: 08/11/2004 23:06
Modified: 08/11/2004 23:06
Company: Texas Instruments
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007 11:54
Modified: 19/01/2007 11:54
Company: Microsoft Corporation
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
-R- 3210496 bytes
Created: 29/05/2006 22:29
Modified: 20/09/2004 09:41
Company: Intel® Corporation
----------
Key: wanatw
ImagePath: system32\DRIVERS\wanatw4.sys
C:\WINDOWS\system32\DRIVERS\wanatw4.sys - [file not found to scan]
----------

************************************************************
18:37:02: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 02/11/2006 11:47
Modified: 28/02/2003 16:54
Company: [no info]
VxD Key = JAVASUP
----------
----------

************************************************************
18:37:02: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
356352 bytes
Created: 22/12/2008 11:05
Modified: 22/12/2008 11:05
Company: SUPERAntiSpyware.com
----------
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
344064 bytes
Created: 29/05/2006 22:27
Modified: 17/06/2004 21:43
Company: Intel Corporation
----------

************************************************************
18:37:03: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:04
Company: ALWIL Software
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11:39
Modified: 27/02/2007 11:39
Company: SUPERAntiSpyware.com
----------

************************************************************
18:37:03: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007 22:54
Modified: 10/05/2007 22:54
Company: Adobe Systems, Inc.
----------

************************************************************
18:37:04: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 06/05/2007 08:05
Modified: 26/10/2006 09:28
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 22:08
Modified: 22/10/2006 23:08
Company: Adobe Systems Incorporated
----------
Key: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
BHO: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
1312040 bytes
Created: 13/09/2007 12:31
Modified: 13/09/2007 12:31
Company: Skype Technologies S.A.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
322368 bytes
Created: 31/08/2006 19:33
Modified: 31/08/2006 19:33
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
251504 bytes
Created: 18/02/2009 02:56
Modified: 18/02/2009 00:02
Company: [no info]
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 18/02/2009 02:56
Modified: 18/02/2009 02:56
Company: Google Inc.
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
282624 bytes
Created: 30/05/2006 13:58
Modified: 17/01/2006 15:04
Company: Microsoft Corporation
----------
Key: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
BHO: C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
522224 bytes
Created: 18/02/2009 00:02
Modified: 18/02/2009 00:02
Company: Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------

************************************************************
18:37:05: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
----------

************************************************************
18:37:05: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
18:37:05: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:37:05: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
18:37:06: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
18:37:06: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 29/05/2006 23:52
Modified: 29/05/2006 22:05
Company: [no info]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini - no action taken on this file
--------------------
HP Digital Imaging Monitor.lnk - links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
282624 bytes
Created: 11/05/2005 23:23
Modified: 11/05/2005 23:23
Company: Hewlett-Packard Co.
--------------------
Logitech Desktop Messenger.lnk - links to C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
67128 bytes
Created: 13/03/2007 10:15
Modified: 13/03/2007 10:15
Company: Logitech Inc.
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
18:37:07: Scanning ----- SCHEDULED TASKS -----
Taskname: Symantec NetDetect.job
File: C:\Program Files\Symantec\LiveUpdate\NDetect.exe
Parameters: [blank]
Next Run Time: 15/03/2009 18:41:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Symantec NetDetect
C:\Program Files\Symantec\LiveUpdate\NDetect.exe - [file not found to scan]
----------

************************************************************
18:37:07: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
18:37:07: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.I420
File: lvcodec2.dll
C:\WINDOWS\system32\lvcodec2.dll
-R- 204800 bytes
Created: 25/06/2006 17:30
Modified: 27/05/2005 10:26
Company: Logitech Inc.
----------
Value: msacm.siren

Réponse 38 / 94

Ross-D Messages postés 82 Statut Membre 2

File: sirenacm.dll
C:\WINDOWS\system32\sirenacm.dll
51056 bytes
Created: 19/01/2007 11:53
Modified: 19/01/2007 11:53
Company: Microsoft Corp.
----------
Value: VIDC.DIVX
File: divx.dll
C:\WINDOWS\system32\divx.dll
684032 bytes
Created: 19/11/2008 22:14
Modified: 28/10/2008 23:35
Company: DivX, Inc.
----------
Value: VIDC.YV12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
217088 bytes
Created: 19/11/2008 22:14
Modified: 25/01/2004 17:18
Company: www.helixcommunity.org
----------
Value: msacm.ac3acm
File: ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created: 19/11/2008 22:14
Modified: 21/09/2007 01:52
Company: fccHandler
----------
Value: msacm.lameacm
File: lameACM.acm
C:\WINDOWS\system32\lameACM.acm
839680 bytes
Created: 19/11/2008 22:14
Modified: 24/09/2008 19:41
Company: http://www.mp3dev.org/
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
7680 bytes
Created: 19/11/2008 22:13
Modified: 02/11/2008 15:02
Company: [no info]
----------

************************************************************
18:37:09: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
18:37:10: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\SYSTEM32\winlogon.exe
512000 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
174592 bytes
Created: 28/02/2003 07:25
Modified: 28/02/2003 07:25
Company: Lexmark International, Inc.
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 29/05/2006 21:59
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\QuickTime\qttask.exe - file already scanned
--------------------
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\WINDOWS\system32\LVCOMSX.EXE - file already scanned
--------------------
C:\Program Files\Logitech\Video\LogiTray.exe - file already scanned
--------------------
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Real\RealPlayer\RealPlay.exe - file already scanned
--------------------
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Messenger\msmsgs.exe - file already scanned
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - file already scanned
--------------------
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - file already scanned
--------------------
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
49152 bytes
Created: 04/03/2003 14:04
Modified: 04/03/2003 14:04
Company: Lexmark International, Inc.
--------------------
C:\Program Files\iPod\bin\iPodService.exe - file already scanned
--------------------
C:\Program Files\Logitech\Video\FxSvr2.exe
192512 bytes
Created: 25/06/2006 17:25
Modified: 08/06/2005 13:44
Company: Logitech Inc.
--------------------
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
12037688 bytes
Created: 06/08/2003 20:24
Modified: 06/08/2003 20:24
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
90112 bytes
Created: 23/06/2004 16:16
Modified: 23/06/2004 16:16
Company: Microsoft® Corporation
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
634024 bytes
Created: 29/05/2006 22:01
Modified: 19/12/2008 06:25
Company: Microsoft Corporation
--------------------
C:\Program Files\Internet Explorer\iexplore.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
115024 bytes
Created: 31/08/2006 19:33
Modified: 31/08/2006 19:33
Company: Microsoft Corporation
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
--------------------
C:\Documents and Settings\Rym\Application Data\Simply Super Software\Trojan Remover\aye10.exe
FileSize: 3048312
[This is a Trojan Remover component]
--------------------

************************************************************
18:37:15: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://fr.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:37:15 15 mars 2009
Total Scan time: 00:00:27
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.6.2566. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:11:37 15 mars 2009
Using Database v7301
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Rym\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Rym\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************

************************************************************
18:11:37: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
18:11:38: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 29/05/2006 23:54
Modified: 05/08/2004 13:00
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 29/05/2006 23:54
Modified: 05/08/2004 13:00
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 29/05/2006 23:54
Modified: 05/08/2004 13:00
Company: Microsoft Corporation
--------------------
Value Name: SynTPLpr
Value Data: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
98394 bytes
Created: 29/05/2006 22:26
Modified: 05/10/2004 17:25
Company: Synaptics, Inc.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
688218 bytes
Created: 29/05/2006 22:26
Modified: 05/10/2004 17:24
Company: Synaptics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 29/05/2006 22:27
Modified: 17/06/2004 21:48
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes

Réponse 39 / 94

Ross-D Messages postés 82 Statut Membre 2

Created: 29/05/2006 22:27
Modified: 17/06/2004 21:43
Company: Intel Corporation
--------------------
Value Name: Cpqset
Value Data: C:\Program Files\HPQ\Default Settings\cpqset.exe
C:\Program Files\HPQ\Default Settings\cpqset.exe
229438 bytes
Created: 29/05/2006 22:33
Modified: 13/10/2004 16:34
Company: [no info]
--------------------
Value Name: iTunesHelper
Value Data: C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper.exe
286720 bytes
Created: 08/06/2004 12:31
Modified: 08/06/2004 12:31
Company: Apple Computer, Inc.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
98304 bytes
Created: 29/05/2006 22:36
Modified: 29/05/2006 22:36
Company: Apple Computer, Inc.
--------------------
Value Name: eabconfg.cpl
Value Data: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
290816 bytes
Created: 29/05/2006 22:40
Modified: 17/09/2004 15:19
Company: Hewlett-Packard
--------------------
Value Name: UpdateManager
Value Data: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
110592 bytes
Created: 19/08/2003 00:01
Modified: 19/08/2003 00:01
Company: Sonic Solutions
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
--------------------
Value Name: LVCOMSX
Value Data: C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
221184 bytes
Created: 19/07/2005 16:32
Modified: 19/07/2005 16:32
Company: Logitech Inc.
--------------------
Value Name: LogitechVideoRepair
Value Data: C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Logitech\Video\ISStart.exe
458752 bytes
Created: 25/06/2006 17:25
Modified: 08/06/2005 14:24
Company: Logitech Inc.
--------------------
Value Name: LogitechVideoTray
Value Data: C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
217088 bytes
Created: 25/06/2006 17:25
Modified: 08/06/2005 14:14
Company: Logitech Inc.
--------------------
Value Name: Lexmark X5100 Series
Value Data: "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
86099 bytes
Created: 04/03/2003 13:52
Modified: 04/03/2003 13:52
Company: Lexmark International, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:08
Company: ALWIL Software
--------------------
Value Name: RealTray
Value Data: C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
C:\Program Files\Real\RealPlayer\RealPlay.exe
26112 bytes
Created: 05/12/2006 22:49
Modified: 05/12/2006 22:49
Company: RealNetworks, Inc.
--------------------
Value Name: Adobe Photo Downloader
Value Data: "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
63712 bytes
Created: 16/03/2007 10:45
Modified: 16/03/2007 10:45
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 11/01/2008 22:16
Modified: 11/01/2008 22:16
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1303432 bytes
Created: 15/03/2009 17:48
Modified: 15/03/2009 18:10
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: LDM
Value Data: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
67128 bytes
Created: 13/03/2007 10:15
Modified: 13/03/2007 10:15
Company: Logitech Inc.
--------------------
Value Name: LogitechSoftwareUpdate
Value Data: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
C:\Program Files\Logitech\Video\ManifestEngine.exe
196608 bytes
Created: 25/06/2006 17:25
Modified: 08/06/2005 13:44
Company: Logitech Inc.
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1695232 bytes
Created: 29/05/2006 22:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 28/07/2007 21:30
Modified: 28/07/2007 21:30
Company: Google Inc.
--------------------
Value Name: ccleaner
Value Data: "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
C:\Program Files\CCleaner\ccleaner.exe
603016 bytes
Created: 06/03/2007 12:51
Modified: 06/03/2007 12:51
Company: Piriform Ltd
--------------------
Value Name: SUPERAntiSpyware
Value Data: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1830128 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43
Company: SUPERAntiSpyware.com
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
18:11:45: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 13/05/2008 09:13
Modified: 13/05/2008 09:13
Company: SuperAdBlocker.com
----------

************************************************************
18:11:46: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
18:11:46: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
18:11:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006 10:03
Modified: 03/11/2006 10:03
Company: [no info]
----------

************************************************************
18:11:47: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
409088 bytes
Created: 29/05/2006 22:02
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
18:11:49: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004 00:49
Modified: 15/07/2004 00:49
Company: Microsoft Corporation
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 30/03/2008 21:01
Modified: 05/02/2009 22:07
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:01
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:08
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:08
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:06
Company: ALWIL Software
----------
Key: CAMCAUD
ImagePath: system32\drivers\camcaud.sys
C:\WINDOWS\system32\drivers\camcaud.sys
-R- 292864 bytes
Created: 29/05/2006 22:17
Modified: 14/10/2004 15:52
Company: Conexant Systems Inc.
----------
Key: CAMCHALA
ImagePath: system32\drivers\camchal.sys
C:\WINDOWS\system32\drivers\camchal.sys
-R- 276480 bytes
Created: 29/05/2006 22:17
Modified: 14/10/2004 15:53
Company: Conexant Systems Inc.
----------
Key: catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key: ComFiltr
ImagePath: \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
C:\WINDOWS\system32\DRIVERS\COMFiltr.sys - [file not found to scan]
----------
Key: eabfiltr
ImagePath: \??\C:\WINDOWS\system32\drivers\EABFiltr.sys
C:\WINDOWS\system32\drivers\EABFiltr.sys
7432 bytes
Created: 29/05/2006 22:40
Modified: 14/04/2004 07:36
Company: Hewlett-Packard Company
----------
Key: eabusb
ImagePath: \??\C:\WINDOWS\system32\drivers\eabusb.sys
C:\WINDOWS\system32\drivers\eabusb.sys
5220 bytes
Created: 29/05/2006 22:40
Modified: 06/06/2003 11:46
Company: Hewlett-Packard Company
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
137200 bytes
Created: 27/01/2007 15:16
Modified: 18/02/2009 02:56
Company: Google
----------
Key: hpqwmi
ImagePath: C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
98304 bytes
Created: 29/05/2006 22:40
Modified: 27/07/2004 14:25
Company: Hewlett-Packard Development Company, L.P.
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 51120 bytes
Created: 09/11/2007 12:56
Modified: 08/03/2005 05:43
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16496 bytes
Created: 09/11/2007 12:56
Modified: 08/03/2005 05:43
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 21744 bytes
Created: 09/11/2007 12:55
Modified: 08/03/2005 05:43
Company: HP
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
200064 bytes
Created: 29/05/2006 22:19
Modified: 10/06/2004 16:00
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\ialmnt5.sys
C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
708989 bytes
Created: 29/05/2006 22:27
Modified: 17/06/2004 22:12
Company: Intel Corporation
----------
Key: ICDSPTSV
ImagePath: C:\WINDOWS\system32\IcdSptSv.exe
C:\WINDOWS\system32\IcdSptSv.exe - [file not found to scan]
----------
Key: ICDUSB2
ImagePath: System32\Drivers\ICDUSB2.sys
C:\WINDOWS\System32\Drivers\ICDUSB2.sys
39048 bytes
Created: 29/02/2008 16:45
Modified: 28/11/2002 21:23
Company: Sony Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005 01:06
Modified: 14/11/2005 01:06
Company: Macrovision Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
Key: iPodService
ImagePath: C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iPod\bin\iPodService.exe
401408 bytes
Created: 08/06/2004 12:31
Modified: 08/06/2004 12:31
Company: Apple Computer, Inc.
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 28/02/2003 07:28
Modified: 28/02/2003 07:28
Company: Lexmark International, Inc.
----------
Key: LVUSBSta
ImagePath: system32\drivers\lvusbsta.sys
C:\WINDOWS\system32\drivers\lvusbsta.sys
-R- 22016 bytes
Created: 25/06/2006 17:30
Modified: 27/05/2005 10:31
Company: Logitech Inc.
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003 22:25
Modified: 19/06/2003 22:25
Company: Microsoft Corporation
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 02/11/2006 11:51
Modified: 22/11/2004 16:36
Company: Motive, Inc.
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003 19:28
Modified: 28/07/2003 19:28
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS - [file not found to scan]

Réponse 40 / 94

Ross-D Messages postés 82 Statut Membre 2

----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
17162 bytes
Created: 02/11/2006 11:52
Modified: 22/10/2003 09:54
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: QCMerced
ImagePath: system32\DRIVERS\LVCM.sys
C:\WINDOWS\system32\DRIVERS\LVCM.sys
-R- 1317152 bytes
Created: 25/06/2006 17:30
Modified: 27/05/2005 10:32
Company: Logitech Inc.
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtlnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
69760 bytes
Created: 29/05/2006 22:23
Modified: 28/06/2004 11:35
Company: Realtek Semiconductor Corporation
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 17/02/2009 11:43
Modified: 17/02/2009 11:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SONYPVU1
ImagePath: system32\DRIVERS\SONYPVU1.SYS
C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
7552 bytes
Created: 19/03/2007 09:58
Modified: 17/08/2001 21:56
Company: Sony Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{61DB4C25-3D8F-4968-A554-BDF56D22E8D0}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
185824 bytes
Created: 29/05/2006 22:26
Modified: 05/10/2004 17:17
Company: Synaptics, Inc.
----------
Key: tifm21
ImagePath: system32\drivers\tifm21.sys
C:\WINDOWS\system32\drivers\tifm21.sys
85504 bytes
Created: 08/11/2004 23:06
Modified: 08/11/2004 23:06
Company: Texas Instruments
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007 11:54
Modified: 19/01/2007 11:54
Company: Microsoft Corporation
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
-R- 3210496 bytes
Created: 29/05/2006 22:29
Modified: 20/09/2004 09:41
Company: Intel® Corporation
----------
Key: wanatw
ImagePath: system32\DRIVERS\wanatw4.sys
C:\WINDOWS\system32\DRIVERS\wanatw4.sys - [file not found to scan]
----------

************************************************************
18:11:59: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 02/11/2006 11:47
Modified: 28/02/2003 16:54
Company: [no info]
VxD Key = JAVASUP
----------
----------

************************************************************
18:11:59: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
356352 bytes
Created: 22/12/2008 11:05
Modified: 22/12/2008 11:05
Company: SUPERAntiSpyware.com
----------
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
344064 bytes
Created: 29/05/2006 22:27
Modified: 17/06/2004 21:43
Company: Intel Corporation
----------

************************************************************
18:12:00: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 15/12/2006 13:47
Modified: 05/02/2009 22:04
Company: ALWIL Software
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 11:39
Modified: 27/02/2007 11:39
Company: SUPERAntiSpyware.com
----------

************************************************************
18:12:00: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007 22:54
Modified: 10/05/2007 22:54
Company: Adobe Systems, Inc.
----------

************************************************************
18:12:00: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 06/05/2007 08:05
Modified: 26/10/2006 09:28
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006 22:08
Modified: 22/10/2006 23:08
Company: Adobe Systems Incorporated
----------
Key: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
BHO: C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
1312040 bytes
Created: 13/09/2007 12:31
Modified: 13/09/2007 12:31
Company: Skype Technologies S.A.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
322368 bytes
Created: 31/08/2006 19:33
Modified: 31/08/2006 19:33
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
251504 bytes
Created: 18/02/2009 02:56
Modified: 18/02/2009 00:02
Company: [no info]
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 18/02/2009 02:56
Modified: 18/02/2009 02:56
Company: Google Inc.
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
282624 bytes
Created: 30/05/2006 13:58
Modified: 17/01/2006 15:04
Company: Microsoft Corporation
----------
Key: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
BHO: C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
522224 bytes
Created: 18/02/2009 00:02
Modified: 18/02/2009 00:02
Company: Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 03/12/2008 07:22
Modified: 03/12/2008 07:22
Company: Sun Microsystems, Inc.
----------

************************************************************
18:12:03: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
----------

************************************************************
18:12:03: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
18:12:03: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
18:12:03: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
18:12:04: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
18:12:04: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 29/05/2006 23:52
Modified: 29/05/2006 22:05
Company: [no info]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini - no action taken on this file
--------------------
HP Digital Imaging Monitor.lnk - links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
282624 bytes
Created: 11/05/2005 23:23
Modified: 11/05/2005 23:23
Company: Hewlett-Packard Co.
--------------------
Logitech Desktop Messenger.lnk - links to C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
67128 bytes
Created: 13/03/2007 10:15
Modified: 13/03/2007 10:15
Company: Logitech Inc.
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
18:12:05: Scanning ----- SCHEDULED TASKS -----
Taskname: Symantec NetDetect.job
File: C:\Program Files\Symantec\LiveUpdate\NDetect.exe
Parameters: [blank]
Next Run Time: 15/03/2009 18:16:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Symantec NetDetect
C:\Program Files\Symantec\LiveUpdate\NDetect.exe - [file not found to scan]
----------

************************************************************
18:12:05: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
18:12:05: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.I420
File: lvcodec2.dll
C:\WINDOWS\system32\lvcodec2.dll
-R- 204800 bytes
Created: 25/06/2006 17:30
Modified: 27/05/2005 10:26
Company: Logitech Inc.
----------
Value: msacm.siren
File: sirenacm.dll
C:\WINDOWS\system32\sirenacm.dll
51056 bytes
Created: 19/01/2007 11:53
Modified: 19/01/2007 11:53
Company: Microsoft Corp.
----------
Value: VIDC.DIVX
File: divx.dll
C:\WINDOWS\system32\divx.dll
684032 bytes
Created: 19/11/2008 22:14
Modified: 28/10/2008 23:35
Company: DivX, Inc.
----------
Value: VIDC.YV12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
217088 bytes
Created: 19/11/2008 22:14
Modified: 25/01/2004 17:18
Company: www.helixcommunity.org
----------
Value: msacm.ac3acm
File: ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created: 19/11/2008 22:14
Modified: 21/09/2007 01:52
Company: fccHandler
----------
Value: msacm.lameacm
File: lameACM.acm
C:\WINDOWS\system32\lameACM.acm
839680 bytes
Created: 19/11/2008 22:14
Modified: 24/09/2008 19:41
Company: http://www.mp3dev.org/
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
7680 bytes
Created: 19/11/2008 22:13
Modified: 02/11/2008 15:02
Company: [no info]
----------

************************************************************
18:12:08: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper entry is blank
----------
Web Desktop Wallpaper entry is blank
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
18:12:08: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\SYSTEM32\winlogon.exe
512000 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
174592 bytes
Created: 28/02/2003 07:25
Modified: 28/02/2003 07:25
Company: Lexmark International, Inc.
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 05/08/2004 13:00
Modified: 14/04/2008 03:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 29/05/2006 21:59
Modified: 14/04/2008 03:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - file already scanned
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\QuickTime\qttask.exe - file already scanned
--------------------
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\WINDOWS\system32\LVCOMSX.EXE - file already scanned
--------------------
C:\Program Files\Logitech\Video\LogiTray.exe - file already scanned
--------------------
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Real\RealPlayer\RealPlay.exe - file already scanned
--------------------
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Messenger\msmsgs.exe - file already scanned
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
--------------------
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - file already scanned
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - file already scanned
--------------------
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - file already scanned
--------------------
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
49152 bytes
Created: 04/03/2003 14:04
Modified: 04/03/2003 14:04
Company: Lexmark International, Inc.
--------------------
C:\Program Files\iPod\bin\iPodService.exe - file already scanned
--------------------
C:\Program Files\Logitech\Video\FxSvr2.exe
192512 bytes
Created: 25/06/2006 17:25
Modified: 08/06/2005 13:44
Company: Logitech Inc.
--------------------
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
12037688 bytes
Created: 06/08/2003 20:24
Modified: 06/08/2003 20:24
Company: Microsoft Corporation
--------------------
C:\Program Files\Microsoft Works\WkDStore.exe
90112 bytes
Created: 23/06/2004 16:16
Modified: 23/06/2004 16:16
Company: Microsoft® Corporation
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
634024 bytes
Created: 29/05/2006 22:01
Modified: 19/12/2008 06:25
Company: Microsoft Corporation
--------------------
C:\Documents and Settings\Rym\Application Data\Simply Super Software\Trojan Remover\mtgE.exe
FileSize: 3048312
[This is a Trojan Remover component]
--------------------

************************************************************
18:12:13: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://fr.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 18:12:13 15 mars 2009
Total Scan time: 00:00:36
************************************************************

Et le rapport Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 18:39, on 15/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Rym\Application Data\Simply Super Software\Trojan Remover\aye10.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\Rym\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - C:\WINDOWS\system32\IcdSptSv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Merci pour tes efforts et pour de ton aide .

Discussions similaires

Analyse des logs hijackthis

Demande d'aide pour un Log Hijackthis

spywar

Processus et démarrage

Analyse logs hijackthis

Aide pour Interpretation hijackthis

94 réponses

Votre réponse

Discussions similaires

Newsletters