CPU problem...services.exe
Anonymous user
Good evening,
Recently my CPU has been going crazy and fluctuating enormously! After doing some research I realised that it was services.exe that was taking 50% of the processor from time to time -_-
I saw on Google that a lot of people had this problem but that each time it involved a different program...
So I figured I might as well post and maybe someone will be able to help me =)
Here is my HijackThis scan!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:37, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Moniteur reseau 802.11g MIMO OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9894e66121dcc) (gupdate1c9894e66121dcc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
47 replies
No problem! A simple example: I play WoW from time to time... for a long time it was fine and never lagged, I could play smoothly without any trouble! But for some time now, since I started trying to play again, my character stops periodically; it does a sort of mini freeze of a second or 2... but periodically, so basically all the time...
When I press Ctrl+Alt+Del, the CPU graph shows huge spikes even though I am doing absolutely nothing on my computer...
With the procedure you told me to do in safe mode, that had fixed the problem, so I shut down the computer; the next day I turned it back on... and then I saw that it had come back... so I tried the same procedure again without any real results... since then I have had frequent bouts of lag; for example, as I type this message, I see the cursor bar stop every 3-4 words... -_- and it's quite annoying...
There you go
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:33, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Moniteur reseau 802.11g MIMO OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9894e66121dcc) (gupdate1c9894e66121dcc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:33, on 28/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Moniteur reseau 802.11g MIMO OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9894e66121dcc) (gupdate1c9894e66121dcc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
ToolbarSD: scan
▶ Download Toolbar-S&D (by Team IDN) to your Desktop.
▶ Start the installation by running the downloaded file.
▶ On XP: double-click the Toolbar-S&D shortcut.
▶ On Vista: right-click ToolbarSD and select "Run as administrator".
▶ Select the desired language by typing the letter of your choice, then confirm with the Enter key.
▶ Now choose option 1 (Search). Wait until the scan finishes.
▶ Post the generated report. (C:\TB.txt)
No worries, don't sweat it. I figured I probably wasn't the only one with problems and that a little bump would surely help you find my post again ^^
Here's the report ;)
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz )
BIOS : Award Modular BIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090405-0] 4.8.1335 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:83 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:13 Go)
E:\ (Local Disk) - NTFS - Total:48 Go (Free:6 Go)
F:\ (Local Disk) - NTFS - Total:319 Go (Free:15 Go)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)
K:\ (USB)
L:\ (USB)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 05/04/2009|15:48 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\DOCUME~1\user\LOCALS~1\Temp\nsnDDF3.tmp
-----------\\ Extensions
(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(user) - {b66bc4c3-6d25-4a10-8c59-01daa9063051} => foxgame
(user) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\user\Application Data\BitTorrent\Call of Duty 5 Crack.torrent
C:\DOCUME~1\user\Application Data\BitTorrent\Nero 9 Keygen.exe.torrent
1 - "C:\ToolBar SD\TB_1.txt" - 05/04/2009|15:49 - Option : [1]
-----------\\ Fin du rapport a 15:49:35,17
First of all, the source of your viruses:
C:\DOCUME~1\user\Application Data\BitTorrent\Call of Duty 5 Crack.torrent
C:\DOCUME~1\user\Application Data\BitTorrent\Nero 9 Keygen.exe.torrent
Delete these right away.
Then:
ToolbarSD: cleanup
▶ Relaunch Toolbar-S&D.
▶ Press "2", then confirm by pressing "Enter".
/!\ Do not close the window during the removal /!\
▶ A report will be generated; post its contents here.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
What you need to know about toolbars
After that, do this for me as well:
Download Trojan-Remover to your desktop
Start the installation; for that, follow the tutorial carefully
Then post the resulting report + a new HijackThis log.
OK, so first of all here's the first report; I deleted the two files you asked me to delete ;)
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz )
BIOS : Award Modular BIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090405-0] 4.8.1335 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:84 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:13 Go)
E:\ (Local Disk) - NTFS - Total:48 Go (Free:6 Go)
F:\ (Local Disk) - NTFS - Total:319 Go (Free:17 Go)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)
K:\ (USB)
L:\ (USB)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/04/2009|20:21 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\DOCUME~1\user\LOCALS~1\Temp\nsnDDF3.tmp
Supprime! - C:\Program Files\AskBarDis
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(user) - {b66bc4c3-6d25-4a10-8c59-01daa9063051} => foxgame
(user) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 05/04/2009|15:49 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 05/04/2009|20:23 - Option : [2]
-----------\\ Fin du rapport a 20:23:03,06
And next!
TROJAN REPORT
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.8.2572. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 20:28:57 05 avr. 2009
Using Database v7312
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\user\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: F:\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus
************************************************************
************************************************************
20:28:58: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
20:28:59: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 16/10/2008 10:49
Modified: 03/05/2005 18:43
Company: Realtek Semiconductor Corp.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
13574144 bytes
Created: 16/10/2008 10:50
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1630208 bytes
Created: 16/10/2008 10:51
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 16/10/2008 11:46
Modified: 12/01/2006 15:40
Company: Nero AG
--------------------
Value Name: RemoteControl
Value Data: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
32768 bytes
Created: 16/10/2008 11:47
Modified: 31/10/2003 19:42
Company: Cyberlink Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:08
Company: ALWIL Software
--------------------
Value Name: ZoneAlarm Client
Value Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
919016 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
--------------------
Value Name: Lexmark X1100 Series
Value Data: "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
57344 bytes
Created: 17/10/2008 08:43
Modified: 19/08/2003 16:48
Company: Lexmark International, Inc.
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 16/10/2008 10:50
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
Value Name: LVCOMSX
Value Data: C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
221184 bytes
Created: 19/07/2005 18:32
Modified: 19/07/2005 18:32
Company: Logitech Inc.
--------------------
Value Name: LogitechVideoRepair
Value Data: C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Logitech\Video\ISStart.exe
458752 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 16:24
Company: Logitech Inc.
--------------------
Value Name: LogitechVideoTray
Value Data: C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
217088 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 16:14
Company: Logitech Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
34672 bytes
Created: 12/06/2008 03:38
Modified: 12/06/2008 03:38
Company: Adobe Systems Incorporated
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 05/01/2009 17:18
Modified: 05/01/2009 17:18
Company: Apple Inc.
--------------------
Value Name: Logitech Hardware Abstraction Layer
Value Data: KHALMNPR.EXE
C:\WINDOWS\KHALMNPR.EXE
37888 bytes
Created: 16/10/2008 18:49
Modified: 15/09/2004 10:12
Company: Logitech Inc.
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16380416 bytes
Created: 16/10/2008 10:49
Modified: 05/07/2007 16:08
Company: Realtek Semiconductor Corp.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1213320 bytes
Created: 05/04/2009 20:26
Modified: 05/04/2009 20:27
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
Value Name: LogitechSoftwareUpdate
Value Data: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
C:\Program Files\Logitech\Video\ManifestEngine.exe
196608 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 15:44
Company: Logitech Inc.
--------------------
Value Name: BitTorrent DNA
Value Data: "C:\Program Files\DNA\btdna.exe"
C:\Program Files\DNA\btdna.exe
321344 bytes
Created: 24/03/2009 21:19
Modified: 24/03/2009 21:19
Company: BitTorrent, Inc.
--------------------
Value Name: EA Core
Value Data: C:\Program Files\Electronic Arts\EADM\Core.exe -silent
C:\Program Files\Electronic Arts\EADM\Core.exe
2752512 bytes
Created: 21/07/2008 15:07
Modified: 21/07/2008 15:07
Company: Electronic Arts
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3885408 bytes
Created: 06/02/2009 19:51
Modified: 06/02/2009 19:51
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
************************************************************
20:29:06: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 22:19
Modified: 26/05/2008 22:19
Company: Microsoft Corporation
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 13/05/2008 10:13
Modified: 13/05/2008 10:13
Company: SuperAdBlocker.com
----------
************************************************************
20:29:06: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
20:29:07: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\sstext3d.scr
684032 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
************************************************************
20:29:07: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006 10:03
Modified: 03/11/2006 10:03
Company: [no info]
----------
************************************************************
20:29:09: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
20:29:11: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
425080 bytes
Created: 18/03/2009 20:40
Modified: 25/02/2009 20:18
Company: Emsi Software GmbH
----------
Key: ADM8511
ImagePath: system32\DRIVERS\ADM8511.SYS
C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
20160 bytes
Created: 16/10/2008 16:23
Modified: 17/08/2001 20:11
Company: ADMtek Incorporated
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created: 06/03/2009 01:04
Modified: 06/03/2009 01:04
Company: Apple Inc.
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:07
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:01
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:08
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:08
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:06
Company: ALWIL Software
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 12:17
Modified: 12/12/2008 12:17
Company: Apple Inc.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15360 bytes
Created: 02/11/2008 16:31
Modified: 02/11/2008 16:31
Company: Ma-Config.com
----------
Key: ElbyCDIO
ImagePath: System32\Drivers\ElbyCDIO.sys
C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
24392 bytes
Created: 21/07/2008 14:11
Modified: 21/07/2008 14:11
Company: Elaborate Bytes AG
----------
Key: getPlus(R) Helper
ImagePath: C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
33752 bytes
Created: 28/01/2009 19:48
Modified: 01/12/2008 11:59
Company: NOS Microsystems Ltd.
----------
Key: gupdate1c9894e66121dcc
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/02/2009 20:03
Modified: 07/02/2009 20:03
Company: Google Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 07/02/2009 20:02
Modified: 24/03/2009 08:40
Company: Google
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005 01:41
Modified: 04/04/2005 01:41
Company: Macrovision Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
Key: KLIF
ImagePath: system32\DRIVERS\klif.sys
C:\WINDOWS\system32\DRIVERS\klif.sys
127768 bytes
Created: 16/10/2008 18:43
Modified: 19/07/2007 15:10
Company: Kaspersky Lab
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 17/10/2008 08:44
Modified: 18/08/2003 16:37
Company: Lexmark International, Inc.
----------
Key: LHidKe
ImagePath: system32\DRIVERS\LHidKE.Sys
C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
24766 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:55
Company: Logitech, Inc.
----------
Key: LHidUsbK
ImagePath: System32\Drivers\LHidUsbK.Sys
C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
38146 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:56
Company: Logitech, Inc.
----------
Key: LMouKE
ImagePath: system32\DRIVERS\LMouKE.Sys
C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
71758 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:56
Company: Logitech, Inc.
----------
Key: LUsbKbd
ImagePath: System32\Drivers\LUsbKbd.Sys
C:\WINDOWS\System32\Drivers\LUsbKbd.Sys
15008 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:57
Company: Logitech, Inc.
----------
Key: LVUSBSta
ImagePath: system32\drivers\lvusbsta.sys
C:\WINDOWS\system32\drivers\lvusbsta.sys
22016 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:31
Company: Logitech Inc.
----------
Key: maconfservice
ImagePath: "C:\Program Files\ma-config.com\maconfservice.exe"
C:\Program Files\ma-config.com\maconfservice.exe
195752 bytes
Created: 02/11/2008 16:29
Modified: 02/11/2008 16:29
Company: CybelSoft
----------
Key: NMSAccessU
ImagePath: C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
71096 bytes
Created: 23/11/2008 22:17
Modified: 20/10/2008 22:18
Company: [no info]
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007 04:19
Modified: 24/08/2007 04:19
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006 14:03
Modified: 26/10/2006 14:03
Company: Microsoft Corporation
----------
Key: pepifilter
ImagePath: system32\DRIVERS\lv302af.sys
C:\WINDOWS\system32\DRIVERS\lv302af.sys
7136 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:38
Company: Logitech Inc.
----------
Key: PID_08A0
ImagePath: system32\DRIVERS\LV302AV.SYS
C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
913280 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:46
Company: Logitech Inc.
----------
Key: PID_PEPI
ImagePath: system32\DRIVERS\LV302V32.SYS
C:\WINDOWS\system32\DRIVERS\LV302V32.SYS - [file not found to scan]
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 25/10/2008 12:58
Modified: 25/10/2008 12:58
Company: [no info]
----------
Key: RetroExpLauncher
ImagePath: "C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe"
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
115992 bytes
Created: 07/07/2008 14:12
Modified: 07/07/2008 14:12
Company: EMC Corporation
----------
Key: RT2500
ImagePath: system32\DRIVERS\RT2500.sys
C:\WINDOWS\system32\DRIVERS\RT2500.sys
243328 bytes
Created: 17/06/2005 19:19
Modified: 20/10/2005 16:00
Company: Ralink Technology Inc.
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 17/02/2009 12:43
Modified: 17/02/2009 12:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 17/02/2009 12:43
Modified: 17/02/2009 12:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 17/02/2009 12:43
Modified: 17/02/2009 12:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: srescan
ImagePath: system32\ZoneLabs\srescan.sys
C:\WINDOWS\system32\ZoneLabs\srescan.sys
51176 bytes
Created: 16/10/2008 18:43
Modified: 27/02/2008 03:10
Company: Zone Labs, LLC
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{67352C2E-9A38-4B19-AC65-675B1A3CC490}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
Key: TVICHW32
ImagePath: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
23600 bytes
Created: 16/10/2008 10:27
Modified: 16/10/2008 10:27
Company: EnTech Taiwan
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\WINDOWS\System32\Drivers\usbaapl.sys
36864 bytes
Created: 16/10/2008 20:04
Modified: 06/03/2009 00:59
Company: Apple, Inc.
----------
Key: VClone
ImagePath: system32\DRIVERS\VClone.sys
C:\WINDOWS\system32\DRIVERS\VClone.sys
28672 bytes
Created: 17/07/2008 02:12
Modified: 17/07/2008 02:12
Company: Elaborate Bytes AG
----------
Key: vsdatant
ImagePath: System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
394952 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
----------
Key: vsmon
ImagePath: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded
----------
Key: wampapache
ImagePath: "c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
24635 bytes
Created: 18/10/2008 18:45
Modified: 18/01/2008 01:37
Company: Apache Software Foundation
----------
Key: wampmysqld
ImagePath: c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld
c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
5750784 bytes
Created: 18/10/2008 18:45
Modified: 17/04/2008 19:13
Company: [no info]
----------
************************************************************
20:29:31: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
************************************************************
20:29:31: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
356352 bytes
Created: 22/12/2008 12:05
Modified: 22/12/2008 12:05
Company: SUPERAntiSpyware.com
----------
************************************************************
20:29:31: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:04
Company: ALWIL Software
----------
Key: ZLAVShExt
CLSID: {D9872D13-7651-4471-9EEE-F0A00218BEBB}
Path: C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
50664 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 12:39
Modified: 27/02/2007 12:39
Company: SUPERAntiSpyware.com
----------
************************************************************
20:29:32: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008 16:48
Modified: 21/01/2008 16:48
Company: Sun Microsystems, Inc.
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 11/06/2008 23:49
Modified: 11/06/2008 23:49
Company: Adobe Systems, Inc.
----------
************************************************************
20:29:33: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
75128 bytes
Created: 11/06/2008 23:33
Modified: 11/06/2008 23:33
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1879896 bytes
Created: 09/11/2008 19:12
Modified: 26/01/2009 16:31
Company: Safer Networking Limited
----------
Key: {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: C:\Program Files\Windows Live\Messenger\wlchtc.dll
C:\Program Files\Windows Live\Messenger\wlchtc.dll
73072 bytes
Created: 06/02/2009 19:21
Modified: 06/02/2009 19:21
Company: Microsoft Corporation
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408448 bytes
Created: 22/01/2009 16:41
Modified: 22/01/2009 16:41
Company: Microsoft Corporation
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 24/03/2009 08:40
Modified: 24/03/2009 08:40
Company: Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
************************************************************
20:29:34: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
20:29:34: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
20:29:34: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
20:29:34: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
20:29:35: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
20:29:35: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 16/10/2008 18:04
Modified: 16/10/2008 16:13
Company: [no info]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini - no action taken on this file
--------------------
Logitech SetPoint.lnk - links to C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
598016 bytes
Created: 16/10/2008 18:49
Modified: 15/09/2004 10:11
Company: Logitech Inc.
--------------------
Moniteur reseau 802.11g MIMO OLITEC.lnk - links to C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\OLITEC\Common\RaUI.exe
643072 bytes
Created: 12/11/2008 19:39
Modified: 24/02/2006 15:01
Company: OLITEC.
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
20:29:35: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 12:34
Modified: 30/07/2008 12:34
Company: Apple Inc.
Parameters: -task
Next Run Time: 06/04/2009 19:06:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------
Taskname: Google Software Updater.job
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 07/02/2009 20:02
Modified: 24/03/2009 08:40
Company: Google
Parameters: scheduled_start
Next Run Time: 06/04/2009 01:32:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Le programme de mise à jour Google permet de maintenir votre logiciel Google à jour. Si ce programme de mise à jour est désactivé ou arrêté, votre logiciel Google ne sera pas mis à jour et présentera des failles de sécurité qui ne pourront pas être résolues. Certaines fonctionnalités peuvent être endommagées.
----------
Taskname: GoogleUpdateTaskMachine.job
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/02/2009 20:03
Modified: 07/02/2009 20:03
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
************************************************************
20:29:37: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
20:29:37: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.I420
File: lvcodec2.dll
C:\WINDOWS\system32\lvcodec2.dll
204800 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:26
Company: Logitech Inc.
----------
Value: VIDC.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
682496 bytes
Created: 16/10/2008 18:39
Modified: 31/03/2008 23:25
Company: DivX, Inc.
----------
Value: VIDC.XVID
File: xvid.dll
xvid.dll - [file not found to scan]
----------
Value: VIDC.YV12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
70656 bytes
Created: 16/10/2008 18:39
Modified: 25/01/2004 01:00
Company: www.helixcommunity.org
----------
Value: msacm.ac3acm
File: ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created: 16/10/2008 18:39
Modified: 21/09/2007 02:52
Company: fccHandler
----------
Value: msacm.lameacm
File: lameACM.acm
C:\WINDOWS\system32\lameACM.acm
389120 bytes
Created: 16/10/2008 18:39
Modified: 24/09/2006 17:11
Company: http://www.mp3dev.org/
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
7680 bytes
Created: 16/10/2008 18:39
Modified: 28/03/2008 19:41
Company: [no info]
----------
Value: msacm.siren
File: sirenacm.dll
C:\WINDOWS\system32\sirenacm.dll
49504 bytes
Created: 06/02/2009 19:52
Modified: 06/02/2009 19:52
Company: Microsoft Corporation
----------
Value: msacm.lhacm
File: lhacm.acm
C:\WINDOWS\system32\lhacm.acm
34064 bytes
Created: 14/02/2009 20:18
Modified: 14/02/2009 20:18
Company: Microsoft Corporation
----------
Value: vidc.MP42
File: MPG4c32.dll
MPG4c32.dll - [file not found to scan]
----------
************************************************************
20:29:40: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
18250038 bytes
Created: 16/10/2008 20:06
Modified: 21/03/2009 13:50
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
18250038 bytes
Created: 16/10/2008 20:06
Modified: 21/03/2009 13:50
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed
************************************************************
20:29:41: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
75304 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
174592 bytes
Created: 17/10/2008 08:44
Modified: 18/08/2003 16:32
Company: Lexmark International, Inc.
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
--------------------
C:\Program Files\CDBurnerXP\NMSAccessU.exe - file already scanned
--------------------
C:\WINDOWS\system32\nvsvc32.exe
163908 bytes
Created: 16/10/2008 10:51
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
439808 bytes
Created: 26/05/2008 22:18
Modified: 26/05/2008 22:18
Company: Microsoft Corporation
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 16/10/2008 16:10
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 13/04/2008 19:33
Modified: 13/04/2008 19:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - file already scanned
--------------------
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
33792 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\LVCOMSX.EXE - file already scanned
--------------------
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
53248 bytes
Created: 17/10/2008 08:43
Modified: 19/08/2003 17:00
Company: Lexmark International, Inc.
--------------------
C:\Program Files\Logitech\Video\LogiTray.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\DNA\btdna.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\Logitech\Video\FxSvr2.exe
192512 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 15:44
Company: Logitech Inc.
--------------------
C:\Program Files\Logitech\SetPoint\SetPoint.exe - file already scanned
--------------------
C:\Program Files\OLITEC\Common\RaUI.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
37888 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:53
Company: Logitech Inc.
--------------------
C:\Program Files\Windows Live\Contacts\wlcomm.exe
27512 bytes
Created: 06/02/2009 18:07
Modified: 06/02/2009 18:07
Company: Microsoft Corporation
--------------------
C:\Program Files\Java\jre6\bin\jucheck.exe
382384 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\iTunes\iTunes.exe
13499176 bytes
Created: 11/03/2009 14:52
Modified: 11/03/2009 14:52
Company: Apple Inc.
--------------------
C:\Program Files\iPod\bin\iPodService.exe
656168 bytes
Created: 11/03/2009 14:52
Modified: 11/03/2009 14:52
Company: Apple Inc.
--------------------
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
2521464 bytes
Created: 16/04/2008 21:18
Modified: 15/03/2009 17:34
Company: Adobe Systems Incorporated
--------------------
C:\WINDOWS\system32\cmd.exe
401408 bytes
Created: 13/04/2008 19:33
Modified: 13/04/2008 19:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\NOTEPAD.EXE
70656 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
307704 bytes
Created: 16/10/2008 19:44
Modified: 28/03/2009 23:17
Company: Mozilla Corporation
--------------------
C:\Documents and Settings\user\Application Data\Simply Super Software\Trojan Remover\tpg26B.exe
FileSize: 2929528
[This is a Trojan Remover component]
--------------------
************************************************************
20:29:49: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 20:29:49 05 avr. 2009
Total Scan time: 00:00:51
************************************************************
HIJACKTHIS REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:20, on 05/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Application Data\Simply Super Software\Trojan Remover\tpg26B.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Moniteur reseau 802.11g MIMO OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9894e66121dcc) (gupdate1c9894e66121dcc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz )
BIOS : Award Modular BIOS v6.00PG
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090405-0] 4.8.1335 (Activated)
Firewall : ZoneAlarm Firewall 7.0.483.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:84 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:13 Go)
E:\ (Local Disk) - NTFS - Total:48 Go (Free:6 Go)
F:\ (Local Disk) - NTFS - Total:319 Go (Free:17 Go)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)
K:\ (USB)
L:\ (USB)
M:\ (CD or DVD)
N:\ (CD or DVD)
O:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/04/2009|20:21 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\DOCUME~1\user\LOCALS~1\Temp\nsnDDF3.tmp
Supprime! - C:\Program Files\AskBarDis
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(user) - {b66bc4c3-6d25-4a10-8c59-01daa9063051} => foxgame
(user) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 05/04/2009|15:49 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 05/04/2009|20:23 - Option : [2]
-----------\\ Fin du rapport a 20:23:03,06
So, next!
TROJAN REPORT
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.8.2572. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 20:28:57 05 avr. 2009
Using Database v7312
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\user\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: F:\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus
************************************************************
************************************************************
20:28:58: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
20:28:59: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 16/10/2008 10:49
Modified: 03/05/2005 18:43
Company: Realtek Semiconductor Corp.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
13574144 bytes
Created: 16/10/2008 10:50
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1630208 bytes
Created: 16/10/2008 10:51
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 16/10/2008 11:46
Modified: 12/01/2006 15:40
Company: Nero AG
--------------------
Value Name: RemoteControl
Value Data: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
32768 bytes
Created: 16/10/2008 11:47
Modified: 31/10/2003 19:42
Company: Cyberlink Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:08
Company: ALWIL Software
--------------------
Value Name: ZoneAlarm Client
Value Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
919016 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
--------------------
Value Name: Lexmark X1100 Series
Value Data: "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
57344 bytes
Created: 17/10/2008 08:43
Modified: 19/08/2003 16:48
Company: Lexmark International, Inc.
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 16/10/2008 10:50
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
Value Name: LVCOMSX
Value Data: C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
221184 bytes
Created: 19/07/2005 18:32
Modified: 19/07/2005 18:32
Company: Logitech Inc.
--------------------
Value Name: LogitechVideoRepair
Value Data: C:\Program Files\Logitech\Video\ISStart.exe
C:\Program Files\Logitech\Video\ISStart.exe
458752 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 16:24
Company: Logitech Inc.
--------------------
Value Name: LogitechVideoTray
Value Data: C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\LogiTray.exe
217088 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 16:14
Company: Logitech Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
34672 bytes
Created: 12/06/2008 03:38
Modified: 12/06/2008 03:38
Company: Adobe Systems Incorporated
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 05/01/2009 17:18
Modified: 05/01/2009 17:18
Company: Apple Inc.
--------------------
Value Name: Logitech Hardware Abstraction Layer
Value Data: KHALMNPR.EXE
C:\WINDOWS\KHALMNPR.EXE
37888 bytes
Created: 16/10/2008 18:49
Modified: 15/09/2004 10:12
Company: Logitech Inc.
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16380416 bytes
Created: 16/10/2008 10:49
Modified: 05/07/2007 16:08
Company: Realtek Semiconductor Corp.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1213320 bytes
Created: 05/04/2009 20:26
Modified: 05/04/2009 20:27
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
Value Name: LogitechSoftwareUpdate
Value Data: "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
C:\Program Files\Logitech\Video\ManifestEngine.exe
196608 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 15:44
Company: Logitech Inc.
--------------------
Value Name: BitTorrent DNA
Value Data: "C:\Program Files\DNA\btdna.exe"
C:\Program Files\DNA\btdna.exe
321344 bytes
Created: 24/03/2009 21:19
Modified: 24/03/2009 21:19
Company: BitTorrent, Inc.
--------------------
Value Name: EA Core
Value Data: C:\Program Files\Electronic Arts\EADM\Core.exe -silent
C:\Program Files\Electronic Arts\EADM\Core.exe
2752512 bytes
Created: 21/07/2008 15:07
Modified: 21/07/2008 15:07
Company: Electronic Arts
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3885408 bytes
Created: 06/02/2009 19:51
Modified: 06/02/2009 19:51
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
************************************************************
20:29:06: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
304128 bytes
Created: 26/05/2008 22:19
Modified: 26/05/2008 22:19
Company: Microsoft Corporation
----------
ValueName: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}
File: C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
77824 bytes
Created: 13/05/2008 10:13
Modified: 13/05/2008 10:13
Company: SuperAdBlocker.com
----------
************************************************************
20:29:06: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
20:29:07: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\sstext3d.scr
C:\WINDOWS\system32\sstext3d.scr
684032 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
************************************************************
20:29:07: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006 10:03
Modified: 03/11/2006 10:03
Company: [no info]
----------
************************************************************
20:29:09: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
20:29:11: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
425080 bytes
Created: 18/03/2009 20:40
Modified: 25/02/2009 20:18
Company: Emsi Software GmbH
----------
Key: ADM8511
ImagePath: system32\DRIVERS\ADM8511.SYS
C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
20160 bytes
Created: 16/10/2008 16:23
Modified: 17/08/2001 20:11
Company: ADMtek Incorporated
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created: 06/03/2009 01:04
Modified: 06/03/2009 01:04
Company: Apple Inc.
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:07
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:01
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
138680 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:08
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:08
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:06
Company: ALWIL Software
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 12/12/2008 12:17
Modified: 12/12/2008 12:17
Company: Apple Inc.
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15360 bytes
Created: 02/11/2008 16:31
Modified: 02/11/2008 16:31
Company: Ma-Config.com
----------
Key: ElbyCDIO
ImagePath: System32\Drivers\ElbyCDIO.sys
C:\WINDOWS\System32\Drivers\ElbyCDIO.sys
24392 bytes
Created: 21/07/2008 14:11
Modified: 21/07/2008 14:11
Company: Elaborate Bytes AG
----------
Key: getPlus(R) Helper
ImagePath: C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
33752 bytes
Created: 28/01/2009 19:48
Modified: 01/12/2008 11:59
Company: NOS Microsystems Ltd.
----------
Key: gupdate1c9894e66121dcc
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/02/2009 20:03
Modified: 07/02/2009 20:03
Company: Google Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 07/02/2009 20:02
Modified: 24/03/2009 08:40
Company: Google
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005 01:41
Modified: 04/04/2005 01:41
Company: Macrovision Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
Key: KLIF
ImagePath: system32\DRIVERS\klif.sys
C:\WINDOWS\system32\DRIVERS\klif.sys
127768 bytes
Created: 16/10/2008 18:43
Modified: 19/07/2007 15:10
Company: Kaspersky Lab
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 17/10/2008 08:44
Modified: 18/08/2003 16:37
Company: Lexmark International, Inc.
----------
Key: LHidKe
ImagePath: system32\DRIVERS\LHidKE.Sys
C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
24766 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:55
Company: Logitech, Inc.
----------
Key: LHidUsbK
ImagePath: System32\Drivers\LHidUsbK.Sys
C:\WINDOWS\System32\Drivers\LHidUsbK.Sys
38146 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:56
Company: Logitech, Inc.
----------
Key: LMouKE
ImagePath: system32\DRIVERS\LMouKE.Sys
C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
71758 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:56
Company: Logitech, Inc.
----------
Key: LUsbKbd
ImagePath: System32\Drivers\LUsbKbd.Sys
C:\WINDOWS\System32\Drivers\LUsbKbd.Sys
15008 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:57
Company: Logitech, Inc.
----------
Key: LVUSBSta
ImagePath: system32\drivers\lvusbsta.sys
C:\WINDOWS\system32\drivers\lvusbsta.sys
22016 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:31
Company: Logitech Inc.
----------
Key: maconfservice
ImagePath: "C:\Program Files\ma-config.com\maconfservice.exe"
C:\Program Files\ma-config.com\maconfservice.exe
195752 bytes
Created: 02/11/2008 16:29
Modified: 02/11/2008 16:29
Company: CybelSoft
----------
Key: NMSAccessU
ImagePath: C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
71096 bytes
Created: 23/11/2008 22:17
Modified: 20/10/2008 22:18
Company: [no info]
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007 04:19
Modified: 24/08/2007 04:19
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006 14:03
Modified: 26/10/2006 14:03
Company: Microsoft Corporation
----------
Key: pepifilter
ImagePath: system32\DRIVERS\lv302af.sys
C:\WINDOWS\system32\DRIVERS\lv302af.sys
7136 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:38
Company: Logitech Inc.
----------
Key: PID_08A0
ImagePath: system32\DRIVERS\LV302AV.SYS
C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
913280 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:46
Company: Logitech Inc.
----------
Key: PID_PEPI
ImagePath: system32\DRIVERS\LV302V32.SYS
C:\WINDOWS\system32\DRIVERS\LV302V32.SYS - [file not found to scan]
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 25/10/2008 12:58
Modified: 25/10/2008 12:58
Company: [no info]
----------
Key: RetroExpLauncher
ImagePath: "C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe"
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
115992 bytes
Created: 07/07/2008 14:12
Modified: 07/07/2008 14:12
Company: EMC Corporation
----------
Key: RT2500
ImagePath: system32\DRIVERS\RT2500.sys
C:\WINDOWS\system32\DRIVERS\RT2500.sys
243328 bytes
Created: 17/06/2005 19:19
Modified: 20/10/2005 16:00
Company: Ralink Technology Inc.
----------
Key: SASDIFSV
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
8944 bytes
Created: 17/02/2009 12:43
Modified: 17/02/2009 12:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASENUM
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
-R- 7408 bytes
Created: 17/02/2009 12:43
Modified: 17/02/2009 12:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: SASKUTIL
ImagePath: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
55024 bytes
Created: 17/02/2009 12:43
Modified: 17/02/2009 12:43
Company: SUPERAdBlocker.com and SUPERAntiSpyware.com
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: srescan
ImagePath: system32\ZoneLabs\srescan.sys
C:\WINDOWS\system32\ZoneLabs\srescan.sys
51176 bytes
Created: 16/10/2008 18:43
Modified: 27/02/2008 03:10
Company: Zone Labs, LLC
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{67352C2E-9A38-4B19-AC65-675B1A3CC490}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
----------
Key: TVICHW32
ImagePath: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
23600 bytes
Created: 16/10/2008 10:27
Modified: 16/10/2008 10:27
Company: EnTech Taiwan
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\WINDOWS\System32\Drivers\usbaapl.sys
36864 bytes
Created: 16/10/2008 20:04
Modified: 06/03/2009 00:59
Company: Apple, Inc.
----------
Key: VClone
ImagePath: system32\DRIVERS\VClone.sys
C:\WINDOWS\system32\DRIVERS\VClone.sys
28672 bytes
Created: 17/07/2008 02:12
Modified: 17/07/2008 02:12
Company: Elaborate Bytes AG
----------
Key: vsdatant
ImagePath: System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
394952 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
----------
Key: vsmon
ImagePath: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded
----------
Key: wampapache
ImagePath: "c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
24635 bytes
Created: 18/10/2008 18:45
Modified: 18/01/2008 01:37
Company: Apache Software Foundation
----------
Key: wampmysqld
ImagePath: c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld
c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
5750784 bytes
Created: 18/10/2008 18:45
Modified: 17/04/2008 19:13
Company: [no info]
----------
************************************************************
20:29:31: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
************************************************************
20:29:31: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : !SASWinLogon
DLLName: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
356352 bytes
Created: 22/12/2008 12:05
Modified: 22/12/2008 12:05
Company: SUPERAntiSpyware.com
----------
************************************************************
20:29:31: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 16/10/2008 18:37
Modified: 05/02/2009 23:04
Company: ALWIL Software
----------
Key: ZLAVShExt
CLSID: {D9872D13-7651-4471-9EEE-F0A00218BEBB}
Path: C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
50664 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
----------
Key: {CA8ACAFA-5FBB-467B-B348-90DD488DE003}
Path: C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
61440 bytes
Created: 27/02/2007 12:39
Modified: 27/02/2007 12:39
Company: SUPERAntiSpyware.com
----------
************************************************************
20:29:32: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008 16:48
Modified: 21/01/2008 16:48
Company: Sun Microsystems, Inc.
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
378200 bytes
Created: 11/06/2008 23:49
Modified: 11/06/2008 23:49
Company: Adobe Systems, Inc.
----------
************************************************************
20:29:33: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
75128 bytes
Created: 11/06/2008 23:33
Modified: 11/06/2008 23:33
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1879896 bytes
Created: 09/11/2008 19:12
Modified: 26/01/2009 16:31
Company: Safer Networking Limited
----------
Key: {5C255C8A-E604-49b4-9D64-90988571CECB}
BHO: C:\Program Files\Windows Live\Messenger\wlchtc.dll
C:\Program Files\Windows Live\Messenger\wlchtc.dll
73072 bytes
Created: 06/02/2009 19:21
Modified: 06/02/2009 19:21
Company: Microsoft Corporation
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408448 bytes
Created: 22/01/2009 16:41
Modified: 22/01/2009 16:41
Company: Microsoft Corporation
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
668656 bytes
Created: 24/03/2009 08:40
Modified: 24/03/2009 08:40
Company: Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
----------
************************************************************
20:29:34: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
20:29:34: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
20:29:34: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
20:29:34: Scanning ----- APPINIT_DLLS -----
No APPINIT_DLLS value found to check
************************************************************
20:29:35: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
20:29:35: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 16/10/2008 18:04
Modified: 16/10/2008 16:13
Company: [no info]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini - no action taken on this file
--------------------
Logitech SetPoint.lnk - links to C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
598016 bytes
Created: 16/10/2008 18:49
Modified: 15/09/2004 10:11
Company: Logitech Inc.
--------------------
Moniteur reseau 802.11g MIMO OLITEC.lnk - links to C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\OLITEC\Common\RaUI.exe
643072 bytes
Created: 12/11/2008 19:39
Modified: 24/02/2006 15:01
Company: OLITEC.
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
20:29:35: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 12:34
Modified: 30/07/2008 12:34
Company: Apple Inc.
Parameters: -task
Next Run Time: 06/04/2009 19:06:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------
Taskname: Google Software Updater.job
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
183280 bytes
Created: 07/02/2009 20:02
Modified: 24/03/2009 08:40
Company: Google
Parameters: scheduled_start
Next Run Time: 06/04/2009 01:32:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Le programme de mise à jour Google permet de maintenir votre logiciel Google à jour. Si ce programme de mise à jour est désactivé ou arrêté, votre logiciel Google ne sera pas mis à jour et présentera des failles de sécurité qui ne pourront pas être résolues. Certaines fonctionnalités peuvent être endommagées.
----------
Taskname: GoogleUpdateTaskMachine.job
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 07/02/2009 20:03
Modified: 07/02/2009 20:03
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
************************************************************
20:29:37: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
20:29:37: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.I420
File: lvcodec2.dll
C:\WINDOWS\system32\lvcodec2.dll
204800 bytes
Created: 12/11/2008 19:40
Modified: 27/05/2005 10:26
Company: Logitech Inc.
----------
Value: VIDC.DIVX
File: DivX.dll
C:\WINDOWS\system32\DivX.dll
682496 bytes
Created: 16/10/2008 18:39
Modified: 31/03/2008 23:25
Company: DivX, Inc.
----------
Value: VIDC.XVID
File: xvid.dll
xvid.dll - [file not found to scan]
----------
Value: VIDC.YV12
File: yv12vfw.dll
C:\WINDOWS\system32\yv12vfw.dll
70656 bytes
Created: 16/10/2008 18:39
Modified: 25/01/2004 01:00
Company: www.helixcommunity.org
----------
Value: msacm.ac3acm
File: ac3acm.acm
C:\WINDOWS\system32\ac3acm.acm
118784 bytes
Created: 16/10/2008 18:39
Modified: 21/09/2007 02:52
Company: fccHandler
----------
Value: msacm.lameacm
File: lameACM.acm
C:\WINDOWS\system32\lameACM.acm
389120 bytes
Created: 16/10/2008 18:39
Modified: 24/09/2006 17:11
Company: http://www.mp3dev.org/
----------
Value: VIDC.FFDS
File: ff_vfw.dll
C:\WINDOWS\system32\ff_vfw.dll
7680 bytes
Created: 16/10/2008 18:39
Modified: 28/03/2008 19:41
Company: [no info]
----------
Value: msacm.siren
File: sirenacm.dll
C:\WINDOWS\system32\sirenacm.dll
49504 bytes
Created: 06/02/2009 19:52
Modified: 06/02/2009 19:52
Company: Microsoft Corporation
----------
Value: msacm.lhacm
File: lhacm.acm
C:\WINDOWS\system32\lhacm.acm
34064 bytes
Created: 14/02/2009 20:18
Modified: 14/02/2009 20:18
Company: Microsoft Corporation
----------
Value: vidc.MP42
File: MPG4c32.dll
MPG4c32.dll - [file not found to scan]
----------
************************************************************
20:29:40: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
18250038 bytes
Created: 16/10/2008 20:06
Modified: 21/03/2009 13:50
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
18250038 bytes
Created: 16/10/2008 20:06
Modified: 21/03/2009 13:50
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed
************************************************************
20:29:41: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
75304 bytes
Created: 16/10/2008 18:43
Modified: 09/07/2008 09:05
Company: Zone Labs, LLC
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\system32\LEXBCES.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
174592 bytes
Created: 17/10/2008 08:44
Modified: 18/08/2003 16:32
Company: Lexmark International, Inc.
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
--------------------
C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
--------------------
C:\Program Files\CDBurnerXP\NMSAccessU.exe - file already scanned
--------------------
C:\WINDOWS\system32\nvsvc32.exe
163908 bytes
Created: 16/10/2008 10:51
Modified: 07/10/2008 14:33
Company: NVIDIA Corporation
--------------------
C:\WINDOWS\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\SearchIndexer.exe
439808 bytes
Created: 26/05/2008 22:18
Modified: 26/05/2008 22:18
Company: Microsoft Corporation
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 16/10/2008 16:10
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 13/04/2008 19:33
Modified: 13/04/2008 19:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - file already scanned
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - file already scanned
--------------------
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe - file already scanned
--------------------
C:\WINDOWS\system32\RUNDLL32.EXE
33792 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\LVCOMSX.EXE - file already scanned
--------------------
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
53248 bytes
Created: 17/10/2008 08:43
Modified: 19/08/2003 17:00
Company: Lexmark International, Inc.
--------------------
C:\Program Files\Logitech\Video\LogiTray.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\RTHDCPL.EXE - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\DNA\btdna.exe - file already scanned
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\Logitech\Video\FxSvr2.exe
192512 bytes
Created: 12/11/2008 19:40
Modified: 08/06/2005 15:44
Company: Logitech Inc.
--------------------
C:\Program Files\Logitech\SetPoint\SetPoint.exe - file already scanned
--------------------
C:\Program Files\OLITEC\Common\RaUI.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
37888 bytes
Created: 16/10/2008 18:49
Modified: 01/09/2004 16:53
Company: Logitech Inc.
--------------------
C:\Program Files\Windows Live\Contacts\wlcomm.exe
27512 bytes
Created: 06/02/2009 18:07
Modified: 06/02/2009 18:07
Company: Microsoft Corporation
--------------------
C:\Program Files\Java\jre6\bin\jucheck.exe
382384 bytes
Created: 08/03/2009 11:30
Modified: 08/03/2009 11:30
Company: Sun Microsystems, Inc.
--------------------
C:\Program Files\iTunes\iTunes.exe
13499176 bytes
Created: 11/03/2009 14:52
Modified: 11/03/2009 14:52
Company: Apple Inc.
--------------------
C:\Program Files\iPod\bin\iPodService.exe
656168 bytes
Created: 11/03/2009 14:52
Modified: 11/03/2009 14:52
Company: Apple Inc.
--------------------
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
2521464 bytes
Created: 16/04/2008 21:18
Modified: 15/03/2009 17:34
Company: Adobe Systems Incorporated
--------------------
C:\WINDOWS\system32\cmd.exe
401408 bytes
Created: 13/04/2008 19:33
Modified: 13/04/2008 19:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\NOTEPAD.EXE
70656 bytes
Created: 13/04/2008 19:34
Modified: 13/04/2008 19:34
Company: Microsoft Corporation
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
307704 bytes
Created: 16/10/2008 19:44
Modified: 28/03/2009 23:17
Company: Mozilla Corporation
--------------------
C:\Documents and Settings\user\Application Data\Simply Super Software\Trojan Remover\tpg26B.exe
FileSize: 2929528
[This is a Trojan Remover component]
--------------------
************************************************************
20:29:49: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 20:29:49 05 avr. 2009
Total Scan time: 00:00:51
************************************************************
HIJACKTHIS REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:33:20, on 05/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Adobe\Updater6\Adobe_Updater.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Application Data\Simply Super Software\Trojan Remover\tpg26B.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Moniteur reseau 802.11g MIMO OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9894e66121dcc) (gupdate1c9894e66121dcc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
Next, do this for me, then run a new Kaspersky scan:
ComboFix:
* On Vista: ▶ Disable User Account Control (you will re-enable it after your disinfection):
▶ Click Start, then Control Panel
▶ Double-click the "User Accounts" icon
▶ Then click disable and confirm.
▶ Restart the PC
▶ Download ComboFix by sUBs
▶ and save it to the Desktop.
▶ Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)
Here is the official Bleeping Computer tutorial on how to use it:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
▶ I recommend installing the Recovery Console!!
Then send the report, please.
ComboFix report!
I'm launching Kaspersky!
ComboFix 09-04-04.01 - user 2009-04-06 7:24:26.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2046.1471 [GMT 2:00]
Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090405-1] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-06 au 2009-04-06 ))))))))))))))))))))))))))))))))))))
.
2009-04-05 20:28 . 2009-04-05 20:28 <REP> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 20:26 . 2009-04-05 20:28 <REP> d-------- c:\program files\Trojan Remover
2009-04-05 20:26 . 2009-04-05 20:26 <REP> d-------- c:\documents and settings\user\Application Data\Simply Super Software
2009-04-05 20:26 . 2009-04-05 20:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-04-05 20:26 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-04-05 20:26 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-05 20:26 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-04-05 20:26 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-04-05 20:26 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-04-05 15:47 . 2009-04-05 20:23 <REP> d-------- C:\ToolBar SD
2009-04-02 18:53 . 2009-04-02 18:53 <REP> d-------- c:\program files\LimeWire
2009-03-28 19:58 . 2009-03-28 19:58 <REP> d-------- c:\documents and settings\user\Application Data\SPORE
2009-03-28 19:54 . 2009-03-28 19:54 <REP> d-------- C:\ProgramData
2009-03-28 19:54 . 2009-03-28 19:54 6,830 --a------ c:\windows\system32\ealregsnapshot1.reg
2009-03-27 10:15 . 2009-03-27 10:15 <REP> d-------- c:\program files\RamBoost XP
2009-03-26 19:32 . 2009-03-26 19:33 <REP> d-------- c:\windows\ERUNT
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-26 19:31 . 2008-10-16 16:10 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-03-26 19:31 . 2008-10-16 18:04 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-26 19:31 . 2009-03-26 19:31 <REP> d-------- c:\documents and settings\Administrateur
2009-03-25 22:46 . 2009-03-27 10:04 <REP> d-------- C:\SDFix
2009-03-24 21:19 . 2009-04-04 13:06 <REP> d-------- c:\program files\DNA
2009-03-24 21:19 . 2009-03-24 21:19 <REP> d-------- c:\program files\BitTorrent
2009-03-24 21:19 . 2009-04-06 07:18 <REP> d-------- c:\documents and settings\user\Application Data\DNA
2009-03-24 09:20 . 2009-03-24 09:20 <REP> d-------- c:\program files\Free Video Converter
2009-03-24 09:20 . 2009-01-22 15:28 290,816 --a------ c:\windows\system32\decdll.dll
2009-03-22 14:47 . 2009-03-22 14:47 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-03-21 19:01 . 2009-03-21 19:01 <REP> d-------- c:\program files\InCode Solutions
2009-03-21 13:41 . 2009-03-21 13:41 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 13:40 . 2009-03-21 13:40 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-21 13:40 . 2009-03-21 13:40 <REP> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-03-20 22:06 . 2009-03-20 22:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 22:06 . 2009-03-20 22:06 <REP> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-03-20 22:06 . 2009-03-20 22:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-20 22:06 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 22:06 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-19 21:26 . 2009-03-19 21:26 <REP> d-------- c:\program files\Trend Micro
2009-03-18 21:34 . 2006-06-29 14:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-18 21:25 . 2009-03-18 21:34 <REP> d-------- c:\windows\system32\XPSViewer
2009-03-18 21:25 . 2009-03-18 21:25 <REP> d-------- c:\program files\Reference Assemblies
2009-03-18 21:25 . 2009-03-18 21:25 <REP> d-------- C:\505a424073f057cfb9
2009-03-18 21:25 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-18 21:25 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-18 21:25 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-18 21:25 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-18 21:25 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-18 21:25 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-18 21:25 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-18 21:25 . 2009-03-18 21:25 210 --a------ c:\windows\system32\spupdsvc.inf
2009-03-18 21:24 . 2009-03-19 07:51 <REP> d-------- c:\windows\SxsCaPendDel
2009-03-18 20:40 . 2009-03-18 22:22 <REP> d-------- c:\program files\a-squared Free
2009-03-18 19:55 . 2009-03-18 19:55 <REP> d-------- c:\program files\Lavalys
2009-03-12 19:41 . 2009-03-12 19:42 <REP> d-------- c:\program files\iTunes
2009-03-12 19:41 . 2009-03-12 19:41 <REP> d-------- c:\program files\iPod
2009-03-12 19:41 . 2009-03-12 19:42 <REP> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 19:39 . 2009-03-12 19:40 <REP> d-------- c:\program files\QuickTime
2009-03-12 19:38 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-12 07:42 . 2008-04-13 19:33 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-08 15:09 . 2009-03-08 15:09 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2009-03-08 15:09 . 2009-03-08 15:09 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-03-08 15:05 . 2009-03-26 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\RetroExp
2009-03-08 15:04 . 2009-03-08 15:04 <REP> d-------- c:\program files\Retrospect
2009-03-08 11:33 . 2009-03-08 11:46 <REP> d-------- c:\program files\RegCleaner
2009-03-08 11:31 . 2009-03-08 11:30 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-07 20:19 . 2009-03-07 20:19 <REP> d-------- c:\documents and settings\user\Application Data\DAEMON Tools Lite
2009-03-07 20:19 . 2009-03-07 20:19 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-07 20:03 . 2009-03-07 20:03 <REP> d-------- c:\windows\Logs
2009-03-07 19:59 . 2009-03-07 19:59 <REP> d-------- c:\program files\Activision
2009-03-07 19:57 . 2009-03-07 19:57 <REP> d--hs---- c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 05:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-05 18:20 --------- d-----w c:\documents and settings\user\Application Data\BitTorrent
2009-04-04 11:02 701,060 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-04 11:02 63,954,976 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-02 17:30 --------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-04-01 20:00 --------- d-----w c:\documents and settings\user\Application Data\Apple Computer
2009-03-28 17:56 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-28 17:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 17:54 --------- d-----w c:\program files\Electronic Arts
2009-03-27 07:58 3,728,396 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-26 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 17:06 2,320,896 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-03-26 17:06 13,312 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-03-26 17:04 689,152 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-03-26 17:04 2,320,896 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-03-21 11:40 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-18 19:25 --------- d-----w c:\program files\MSBuild
2009-03-18 18:18 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 18:44 --------- d-----w c:\program files\Vista Start Menu
2009-03-17 18:43 --------- d-----w c:\program files\Yahoo!
2009-03-12 17:41 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-12 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 09:30 --------- d-----w c:\program files\Java
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-04 21:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-04 18:36 --------- d-----w c:\program files\Lexmark X1100 Series
2009-02-26 11:47 2,126,336 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-02-26 11:47 1,807,360 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-02-21 09:52 --------- d-----w c:\program files\Windows Live
2009-02-17 07:50 --------- d-----w c:\program files\Green Peach
2009-02-16 18:17 --------- d-----w c:\program files\Safari
2009-02-15 14:44 --------- d-----w c:\program files\Dofus
2009-02-14 18:18 --------- d-----w c:\program files\Teamspeak2_RC2
2009-02-14 18:18 --------- d-----w c:\documents and settings\user\Application Data\teamspeak2
2009-02-14 16:51 --------- d-----w c:\program files\World of Warcraft
2009-02-11 21:29 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-08 20:56 --------- d-----w c:\program files\Google
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-10-25 10:59 22,328 ----a-w c:\documents and settings\user\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-24 321344]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-05 1213320]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-09-15 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-16 598016]
Moniteur reseau 802.11g MIMO OLITEC.lnk - c:\program files\OLITEC\Common\RaUI.exe [2008-11-12 643072]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OLITEC Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OLITEC Wireless Utility.lnk
backup=c:\windows\pss\OLITEC Wireless Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2009-03-06 01:50 177472 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
--a------ 2008-12-09 13:08 495616 c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-11 14:52 342312 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
--a------ 2008-07-07 14:12 9499928 c:\progra~1\RETROS~1\RETROS~1.5\RetroExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-01-26 16:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-17 12:43 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-16 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-16 20560]
S2 gupdate1c9894e66121dcc;Google Update Service (gupdate1c9894e66121dcc);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
S3 ADM8511;Convertisseur USB vers Fast Ethernet ADMtek ADM8511/AN986;c:\windows\system32\drivers\ADM8511.SYS [2008-10-16 20160]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-28 33752]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contenu du dossier 'Tâches planifiées'
2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-04-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 08:40]
2009-04-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 20:03]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\zyt49pb4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\zyt49pb4.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 07:25:43
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1644491937-527237240-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:e1,81,97,7a,62,a7,0c,4f,65,f5,64,1c,67,0d,cf,83,f4,7b,0d,68,fc,
9b,51,77,72,f3,82,53,06,29,d0,63,93,ea,7c,1b,69,97,84,85,e1,80,2e,5c,2a,28,\
"rkeysecu"=hex:68,8f,6a,94,d2,12,d5,b3,97,a5,bc,65,90,c6,70,42
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2009-04-06 7:27:04
ComboFix-quarantined-files.txt 2009-04-06 05:27:02
Avant-CF: 90 114 240 512 octets libres
Après-CF: 90,206,162,944 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
278 --- E O F --- 2009-03-20 18:24:59
I'm launching Kaspersky!
ComboFix 09-04-04.01 - user 2009-04-06 7:24:26.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2046.1471 [GMT 2:00]
Lancé depuis: c:\documents and settings\user\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090405-1] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-06 au 2009-04-06 ))))))))))))))))))))))))))))))))))))
.
2009-04-05 20:28 . 2009-04-05 20:28 <REP> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-04-05 20:26 . 2009-04-05 20:28 <REP> d-------- c:\program files\Trojan Remover
2009-04-05 20:26 . 2009-04-05 20:26 <REP> d-------- c:\documents and settings\user\Application Data\Simply Super Software
2009-04-05 20:26 . 2009-04-05 20:26 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-04-05 20:26 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-04-05 20:26 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-04-05 20:26 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-04-05 20:26 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-04-05 20:26 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-04-05 15:47 . 2009-04-05 20:23 <REP> d-------- C:\ToolBar SD
2009-04-02 18:53 . 2009-04-02 18:53 <REP> d-------- c:\program files\LimeWire
2009-03-28 19:58 . 2009-03-28 19:58 <REP> d-------- c:\documents and settings\user\Application Data\SPORE
2009-03-28 19:54 . 2009-03-28 19:54 <REP> d-------- C:\ProgramData
2009-03-28 19:54 . 2009-03-28 19:54 6,830 --a------ c:\windows\system32\ealregsnapshot1.reg
2009-03-27 10:15 . 2009-03-27 10:15 <REP> d-------- c:\program files\RamBoost XP
2009-03-26 19:32 . 2009-03-26 19:33 <REP> d-------- c:\windows\ERUNT
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-03-26 19:31 . 2008-10-16 16:10 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2009-03-26 19:31 . 2008-10-16 18:04 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2009-03-26 19:31 . 2008-10-16 18:04 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-03-26 19:31 . 2009-03-26 19:31 <REP> d-------- c:\documents and settings\Administrateur
2009-03-25 22:46 . 2009-03-27 10:04 <REP> d-------- C:\SDFix
2009-03-24 21:19 . 2009-04-04 13:06 <REP> d-------- c:\program files\DNA
2009-03-24 21:19 . 2009-03-24 21:19 <REP> d-------- c:\program files\BitTorrent
2009-03-24 21:19 . 2009-04-06 07:18 <REP> d-------- c:\documents and settings\user\Application Data\DNA
2009-03-24 09:20 . 2009-03-24 09:20 <REP> d-------- c:\program files\Free Video Converter
2009-03-24 09:20 . 2009-01-22 15:28 290,816 --a------ c:\windows\system32\decdll.dll
2009-03-22 14:47 . 2009-03-22 14:47 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-03-21 19:01 . 2009-03-21 19:01 <REP> d-------- c:\program files\InCode Solutions
2009-03-21 13:41 . 2009-03-21 13:41 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-21 13:40 . 2009-03-21 13:40 <REP> d-------- c:\program files\SUPERAntiSpyware
2009-03-21 13:40 . 2009-03-21 13:40 <REP> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-03-20 22:06 . 2009-03-20 22:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-20 22:06 . 2009-03-20 22:06 <REP> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-03-20 22:06 . 2009-03-20 22:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-20 22:06 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 22:06 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-19 21:26 . 2009-03-19 21:26 <REP> d-------- c:\program files\Trend Micro
2009-03-18 21:34 . 2006-06-29 14:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-18 21:25 . 2009-03-18 21:34 <REP> d-------- c:\windows\system32\XPSViewer
2009-03-18 21:25 . 2009-03-18 21:25 <REP> d-------- c:\program files\Reference Assemblies
2009-03-18 21:25 . 2009-03-18 21:25 <REP> d-------- C:\505a424073f057cfb9
2009-03-18 21:25 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-18 21:25 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-18 21:25 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-18 21:25 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-18 21:25 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-18 21:25 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-18 21:25 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-18 21:25 . 2009-03-18 21:25 210 --a------ c:\windows\system32\spupdsvc.inf
2009-03-18 21:24 . 2009-03-19 07:51 <REP> d-------- c:\windows\SxsCaPendDel
2009-03-18 20:40 . 2009-03-18 22:22 <REP> d-------- c:\program files\a-squared Free
2009-03-18 19:55 . 2009-03-18 19:55 <REP> d-------- c:\program files\Lavalys
2009-03-12 19:41 . 2009-03-12 19:42 <REP> d-------- c:\program files\iTunes
2009-03-12 19:41 . 2009-03-12 19:41 <REP> d-------- c:\program files\iPod
2009-03-12 19:41 . 2009-03-12 19:42 <REP> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 19:39 . 2009-03-12 19:40 <REP> d-------- c:\program files\QuickTime
2009-03-12 19:38 . 2009-03-06 00:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-12 07:42 . 2008-04-13 19:33 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-08 15:09 . 2009-03-08 15:09 <REP> d-------- c:\documents and settings\NetworkService\Bureau
2009-03-08 15:09 . 2009-03-08 15:09 <REP> d-------- c:\documents and settings\LocalService\Bureau
2009-03-08 15:05 . 2009-03-26 19:55 <REP> d-------- c:\documents and settings\All Users\Application Data\RetroExp
2009-03-08 15:04 . 2009-03-08 15:04 <REP> d-------- c:\program files\Retrospect
2009-03-08 11:33 . 2009-03-08 11:46 <REP> d-------- c:\program files\RegCleaner
2009-03-08 11:31 . 2009-03-08 11:30 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-07 20:19 . 2009-03-07 20:19 <REP> d-------- c:\documents and settings\user\Application Data\DAEMON Tools Lite
2009-03-07 20:19 . 2009-03-07 20:19 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-07 20:03 . 2009-03-07 20:03 <REP> d-------- c:\windows\Logs
2009-03-07 19:59 . 2009-03-07 19:59 <REP> d-------- c:\program files\Activision
2009-03-07 19:57 . 2009-03-07 19:57 <REP> d--hs---- c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 05:12 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-05 18:20 --------- d-----w c:\documents and settings\user\Application Data\BitTorrent
2009-04-04 11:02 701,060 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-04 11:02 63,954,976 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-02 17:30 --------- d-----w c:\documents and settings\user\Application Data\LimeWire
2009-04-01 20:00 --------- d-----w c:\documents and settings\user\Application Data\Apple Computer
2009-03-28 17:56 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-28 17:54 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 17:54 --------- d-----w c:\program files\Electronic Arts
2009-03-27 07:58 3,728,396 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-03-26 17:25 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-26 17:06 2,320,896 ----a-w c:\windows\Internet Logs\xDB10.tmp
2009-03-26 17:06 13,312 ----a-w c:\windows\Internet Logs\xDBF.tmp
2009-03-26 17:04 689,152 ----a-w c:\windows\Internet Logs\xDBD.tmp
2009-03-26 17:04 2,320,896 ----a-w c:\windows\Internet Logs\xDBE.tmp
2009-03-21 11:40 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-18 19:25 --------- d-----w c:\program files\MSBuild
2009-03-18 18:18 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-17 18:44 --------- d-----w c:\program files\Vista Start Menu
2009-03-17 18:43 --------- d-----w c:\program files\Yahoo!
2009-03-12 17:41 --------- d-----w c:\program files\Fichiers communs\Apple
2009-03-12 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-08 09:30 --------- d-----w c:\program files\Java
2009-03-05 22:59 36,864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-04 21:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-04 18:36 --------- d-----w c:\program files\Lexmark X1100 Series
2009-02-26 11:47 2,126,336 ----a-w c:\windows\Internet Logs\xDBC.tmp
2009-02-26 11:47 1,807,360 ----a-w c:\windows\Internet Logs\xDBB.tmp
2009-02-21 09:52 --------- d-----w c:\program files\Windows Live
2009-02-17 07:50 --------- d-----w c:\program files\Green Peach
2009-02-16 18:17 --------- d-----w c:\program files\Safari
2009-02-15 14:44 --------- d-----w c:\program files\Dofus
2009-02-14 18:18 --------- d-----w c:\program files\Teamspeak2_RC2
2009-02-14 18:18 --------- d-----w c:\documents and settings\user\Application Data\teamspeak2
2009-02-14 16:51 --------- d-----w c:\program files\World of Warcraft
2009-02-11 21:29 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-08 20:56 --------- d-----w c:\program files\Google
2009-02-06 18:39 308,600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-10-25 10:59 22,328 ----a-w c:\documents and settings\user\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-24 321344]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-04-05 1213320]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-09-15 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-16 598016]
Moniteur reseau 802.11g MIMO OLITEC.lnk - c:\program files\OLITEC\Common\RaUI.exe [2008-11-12 643072]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XVID"= xvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OLITEC Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OLITEC Wireless Utility.lnk
backup=c:\windows\pss\OLITEC Wireless Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2009-03-06 01:50 177472 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
--a------ 2008-12-09 13:08 495616 c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-11 14:52 342312 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 19:51 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
--a------ 2008-07-07 14:12 9499928 c:\progra~1\RETROS~1\RETROS~1.5\RetroExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-01-26 16:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-17 12:43 1830128 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"= c:\\Program Files\\BitTorrent\\bittorrent.exe
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-16 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-16 20560]
S2 gupdate1c9894e66121dcc;Google Update Service (gupdate1c9894e66121dcc);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
S3 ADM8511;Convertisseur USB vers Fast Ethernet ADMtek ADM8511/AN986;c:\windows\system32\drivers\ADM8511.SYS [2008-10-16 20160]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-01-28 33752]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-11-02 195752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
.
Contenu du dossier 'Tâches planifiées'
2009-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-04-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 08:40]
2009-04-06 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 20:03]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\zyt49pb4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101764&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - plugin: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\zyt49pb4.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 07:25:43
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1644491937-527237240-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:e1,81,97,7a,62,a7,0c,4f,65,f5,64,1c,67,0d,cf,83,f4,7b,0d,68,fc,
9b,51,77,72,f3,82,53,06,29,d0,63,93,ea,7c,1b,69,97,84,85,e1,80,2e,5c,2a,28,\
"rkeysecu"=hex:68,8f,6a,94,d2,12,d5,b3,97,a5,bc,65,90,c6,70,42
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Heure de fin: 2009-04-06 7:27:04
ComboFix-quarantined-files.txt 2009-04-06 05:27:02
Avant-CF: 90 114 240 512 octets libres
Après-CF: 90,206,162,944 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
278 --- E O F --- 2009-03-20 18:24:59
Kaspersky report
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, April 06, 2009 12:13:02 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 6/04/2009
Enregistrements dans la base antivirus Kaspersky : 2016946
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: étendue
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\
Statistiques de l'analyse:
Total d'objets analysés: 394900
Nombre de virus trouvés: 5
Nombre d'objets infectés: 8 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 04:09:54
Nom de l'objet infecté / Nom du virus / Dernière action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.120.Crwl L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.120.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wsb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy48.gthr L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_554.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\user\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\user\Local Settings\Application Data\Adobe\Updater6\aum.log L'objet est verrouillé ignoré
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\user\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\user\Local Settings\Historique\History.IE5\MSHist012009040620090407\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\user\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\user\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP171\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\USER-1ABDFBA3FD.ldb L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.dat L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\fidbox.idx L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_720.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_784.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\ZLT0260c.TMP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\ZLT02616.TMP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
D:\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072711.exe Infecté : Trojan.Win32.KillFiles.ajm ignoré
D:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP171\change.log L'objet est verrouillé ignoré
E:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
E:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
E:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP171\change.log L'objet est verrouillé ignoré
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
F:\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\sauvegarde partition centrale\Documents and Settings\Guillaume\Bureau\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072717.exe Infecté : Trojan.Win32.KillFiles.ajm ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072720.dll Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072722.exe Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.h ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072723.dll Infecté : not-a-virus:WebToolbar.Win32.WhenU.r ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP171\change.log L'objet est verrouillé ignoré
Analyse terminée.
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
F:\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\sauvegarde partition centrale\Documents and Settings\Guillaume\Bureau\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072717.exe Infecté : Trojan.Win32.KillFiles.ajm ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072720.dll Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072722.exe Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.h ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072723.dll Infecté : not-a-virus:WebToolbar.Win32.WhenU.r ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP171\change.log L'objet est verrouillé ignoré
Analyse terminée.
Here is what is left in terms of viruses:
D:\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
D:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072711.exe Infecté : Trojan.Win32.KillFiles.ajm ignoré
F:\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\sauvegarde partition centrale\Documents and Settings\Guillaume\Bureau\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072717.exe Infecté : Trojan.Win32.KillFiles.ajm ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072720.dll Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.b ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072722.exe Infecté : not-a-virus:RemoteAdmin.Win32.WinVNC-based.h ignoré
F:\System Volume Information\_restore{D895DA62-4759-4E2B-8D86-7C638133DC52}\RP163\A0072723.dll Infecté : not-a-virus:WebToolbar.Win32.WhenU.r ignoré
You will need to delete these for me, then empty the Recycle Bin, and then a new HijackThis log.
D:\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\sauvegarde partition centrale\Documents and Settings\Guillaume\Bureau\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
F:\Downloads\Archivage\installer-43922-845-K-Lite-Codec-Pack-Full-French.exe Infecté : not-a-virus:AdWare.Win32.FakeInstaller.hl ignoré
You did ask me to delete the 3 files below your message, right? Or the ones that come before?
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:18, on 07/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OLITEC\Common\RaUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Moniteur reseau 802.11g MIMO OLITEC.lnk = C:\Program Files\OLITEC\Common\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9894e66121dcc) (gupdate1c9894e66121dcc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.5\retrorun.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
No, no, it is indeed the last 3:
This:
Download ToolsCleaner to your Desktop:
* Double-click ToolsCleaner2.exe and let it work.
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Removal) to finalize.
* You can, if you wish, use the Options facultatives (optional settings).
* Click Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply.
Then this:
To see whether your PC is up to date:
http://www.filehippo.com/updatechecker/UpdateChecker.exe (note: some of the software linked for updates may be in English; in that case, look for the French version)
Here is a tutorial
Above all, do not install beta versions.
And finally:
Purging System Restore
* Disable System Restore:
Right-click My Computer / Properties / System Restore / check the box to turn off System Restore, Apply, OK
---> Restart your PC...
* Re-enable System Restore:
Right-click My Computer / Properties / System Restore / uncheck the box to turn off System Restore, Apply, OK
---> Restart your PC...
(Note: you can also get there via Control Panel -> "System" -> "System Restore".)
XP tutorial: http://service1.symantec.com/
Vista tutorial: Disable and re-enable your System Restore
First report, I'm continuing with the rest ;)
[ Rapport ToolsCleaner version 2.3.4 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\SDFIX: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\user\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\user\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\user\Bureau\Maintenance\SdFix.exe: trouvé !
C:\Documents and Settings\user\Bureau\Maintenance\HijackThis.lnk: trouvé !
C:\Documents and Settings\user\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\user\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\user\Bureau\Maintenance\SdFix.exe: supprimé !
C:\Documents and Settings\user\Bureau\Maintenance\HijackThis.lnk: supprimé !
C:\Documents and Settings\user\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\user\Bureau\hijackthis.log: supprimé !
C:\SDFIX: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !
Sauvegarde du registre crée !
Hmm, after doing everything you asked... I ran a few tests, like watching videos... hmm, I think it's not fluctuating much anymore! Which is a pretty good sign... we'll have to see!
Do you want me to do anything else to check?
Sorry, I'm on vacation and don't really have time to drop by -_- I'll be back at the end of next week. I'm not too sure about my PC; I'd need to try gaming or see whether it still lags when I watch videos online... I'll let you know if it crashes again at the end of next week!
Thanks a lot for everything you've done ;)