Stubborn spyware!!
samirou2103
-
chimay8 Posts 7947 Status Security contributor -
Hello,
My computer is infected with spyware, and despite using Spybot it is still present.
The only thing left over is a BLACK wallpaper with a WARNING message.
So I need your help to resolve the problem for good.
I made a report with HijackThis, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:39, on 27/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\nd3a1c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\windows\system32\yonugese.dll,C:\WINDOWS\system32\gunowini.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\windows\system32\yonugese.dll,C:\WINDOWS\system32\gunowini.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
47 replies
Not long ago, I got told off by a "mod/helper" who blamed me for running Malwarebytes right from the start ... !!!
In fact, MBAM is very much a generalist, but Combo is not... at all!!
If, for example, you run MBAM and there is Navipromo in there, you don't eradicate the certificates that go with it... and there are other examples!
So the mod/helper is right to tell you not to run MBAM straight away.
Combo mostly targets BD-type infections, specific trojans and Chinese infections, but in no case will it take out a harmful toolbar (which MBAM is liable to do).
Argh! How lucky I am not to have had a virus for at least three years.
I don't know how I do it, given that I'm a filthy slob who never cleans up.
Hi,
There's a bit of everything... (serious infections)
Download ComboFix (sUBs): http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it on your desktop and nowhere else!
**Disable your protection software** (antivirus, antispyware), then:
disconnect from the Internet and close all programs.
Double-click ComboFix; if it asks you to install the console, do so (see below).
Then,
it will ask you a question; answer by pressing the 1 key, then Enter to confirm.
Don't touch anything else, not even your mouse!!
Wait until ComboFix has finished; a report will be created. Post the report.
-----------------------------------------------------
Install the Recovery Console on your PC (this will let you repair your system in case the PC no longer restarts after the disinfection).
Click the link below to go to the Microsoft website:
https://support.microsoft.com/en-us/help/310994
Scroll down to "Téléchargement du fichier programme des disquettes d'installation" (the download of the setup disks program file) and click the download matching your version of Windows XP (Home Edition or Professional) and the Service Pack you have installed.
**Note:** for SP3, get the Service Pack 2 one;
for Windows XP Media Center, get XP Pro Service Pack 2.
Save it on your desktop.
Drag and drop the file onto the ComboFix icon, like this:
http://img.bleepingcomputer.com/combofix/usage/rc.gif
ComboFix will install the Recovery Console on your PC.
At the end of the installation, ComboFix will display a message telling you that the console is installed.
---------------------------------------------------------------------
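Added example (not part of the thread and not HijackThis code): a small triage pass over the autostart sections of the HijackThis log posted at the top of this thread, showing which entries support the "bit of everything" verdict. The function name `triage` and the four rules are assumptions chosen for this illustration; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\windows\system32\yonugese.dll,C:\WINDOWS\system32\gunowini.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d{1,2}) - (.*)$")
# A Windows path ending in a loadable file; commas separate AppInit_DLLs items.
PATH = re.compile(r"[A-Za-z]:\\[^,\n]*?\.(?:dll|exe|sys)\b", re.IGNORECASE)
# Sections whose entries are loaded automatically at boot or logon:
# O20 AppInit_DLLs / Winlogon Notify, O21 ShellServiceObjectDelayLoad,
# O22 SharedTaskScheduler, O23 services.
AUTOSTART = {"O20", "O21", "O22", "O23"}


def triage(log_text):
    """Return (findings, shared).

    findings: list of (section, reason, raw line) for entries worth a closer look.
    shared:   {lower-cased path: sorted sections} for files registered in more
              than one autostart section, a sign of redundant persistence.
    """
    findings = []
    seen = defaultdict(set)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        paths = [p.lower() for p in PATH.findall(body)]
        reasons = []
        if "(file missing)" in body:
            # The file is gone but the registration is still in place.
            reasons.append("registration points at a file that no longer exists")
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            reasons.append("AppInit_DLLs: loaded into every process that loads user32.dll")
        if section == "O20" and body.startswith("Winlogon Notify:") and not paths:
            reasons.append("Winlogon Notify entry without a DLL file name")
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service binary for which HijackThis shows no vendor")
        if section in AUTOSTART:
            for p in paths:
                seen[p].add(section)
        findings.extend((section, reason, line) for reason in reasons)
    shared = {p: sorted(s) for p, s in seen.items() if len(s) > 1}
    return findings, shared


if __name__ == "__main__":
    findings, shared = triage(SAMPLE_LOG)
    for section, reason, line in findings:
        print(f"[{section}] {reason}\n      {line}")
    for path, sections in shared.items():
        print(f"registered in {', '.join(sections)}: {path}")
```

The randomly named O22 entry (`yhs783ijfo3fe.dll`) trips none of these rules, which is why such output is a starting point for manual review of the log and not a verdict.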
Hi,
On your desktop, download Toolbar S&D
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN)
Start the installation of the program by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the language of your choice, then confirm with the "Enter" key.
Next, choose option 1 (Search).
Wait until the search has finished.
The contents of the report are located in: C:\TB.txt
Post it.
---
Maybe not useful for me to suggest ToolBar S&D, since the heavy artillery has been brought out with ComboFix!
As a first step, it might have been good to run tools like Ad-Remover, Lop S&D, etc ...
First of all, thank you for your interest,
here is the ComboFix report:
ComboFix 09-04-25.A3 - sam 27/04/2009 16:41.4 - FAT32x86
Lancé depuis: c:\documents and settings\sam\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\sam\LOCALS~1\Temp\mousehook.dll
c:\docume~1\sam\LOCALS~1\Temp\ntdll64.dll
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\sam\Application Data\Microsoft\dtsc
c:\documents and settings\sam\Application Data\Microsoft\dtsc\s
c:\documents and settings\sam\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\network monitor
c:\program files\network monitor\netmon.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\vtmp2
c:\temp\vtmp2\ktnv33.log
c:\windows\accesss.exe
c:\windows\astctl32.ocx
c:\windows\avpcc.dll
c:\windows\clrssn.exe
c:\windows\cpan.dll
c:\windows\ctfmon32.exe
c:\windows\ctrlpan.dll
c:\windows\default.htm
c:\windows\directx32.exe
c:\windows\dnsrelay.dll
c:\windows\editpad.exe
c:\windows\explore.exe
c:\windows\explorer32.exe
c:\windows\funniest.exe
c:\windows\funny.exe
c:\windows\gfmnaaa.dll
c:\windows\helpcvs.exe
c:\windows\iedll.exe
c:\windows\iexplorer.exe
c:\windows\inetinf.exe
c:\windows\internet.exe
c:\windows\loader.exe
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\msconfd.dll
c:\windows\msspi.dll
c:\windows\mssys.exe
c:\windows\msupdate.exe
c:\windows\mswsc10.dll
c:\windows\mswsc20.dll
c:\windows\mtwirl32.dll
c:\windows\muotr.so
c:\windows\notepad32.exe
c:\windows\olehelp.exe
c:\windows\qttasks.exe
c:\windows\quicken.exe
c:\windows\rundll16.exe
c:\windows\rundll32.vbe
c:\windows\searchword.dll
c:\windows\sistem.exe
c:\windows\svchost32.exe
c:\windows\svcinit.exe
c:\windows\systeem.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\atmtd.dll
c:\windows\system32\atmtd.dll._
c:\windows\system32\drivers\ovfsthwfdefisqsjkxehnqtbkixyrurpyolvdb.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hljwugsf.bin
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ilevobam.ini
c:\windows\system32\msnav32.ax
c:\windows\system32\MUtvGfhk.ini
c:\windows\system32\MUtvGfhk.ini2
c:\windows\system32\ntdll64.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\olebudom.ini
c:\windows\system32\ovfsthkxbjhsjycbhaxrjasvchhnoobcmuwksa.dat
c:\windows\system32\ovfsthpllbkcqtfklrfymuhdbtuflhiacygtln.dll
c:\windows\system32\ovfsthqnnqqtcfpeduilttpuvqufqensnuxxrf.dat
c:\windows\system32\ovfsthtfrqdsxljmpocbxofcqcbjokwjvvunul.dll
c:\windows\system32\ovfsthurpfvjanpsumilafpklgehulyopdxgec.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\Process.exe
c:\windows\system32\rpryxetd.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winpfz33.sys
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yhs783ijfo3fe.dll
c:\windows\system32\zxdnt3d.cfg
c:\windows\systemcritical.exe
c:\windows\TEMP\ntdll64.dll
c:\windows\time.exe
c:\windows\users32.exe
c:\windows\waol.exe
c:\windows\win32e.exe
c:\windows\win64.exe
c:\windows\winajbm.dll
c:\windows\window.exe
c:\windows\winmgnt.exe
c:\windows\x.exe
c:\windows\xplugin.dll
c:\windows\xxxvideo.hta
c:\windows\y.exe
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthctklwnbkpfsdqatwfhfemkuwtdtbvvrc
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Legacy_PLUGPLAYRPC
-------\Service_Boonty Games
-------\Service_MsSecurity1.209.4
-------\Service_Network Monitor
-------\Service_PlugPlayRPC
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-4-27 ))))))))))))))))))))))))))))))))))))
.
2009-04-27 12:35 . 2009-04-27 12:36 4096 ----a-w c:\windows\system32\winglsetup.exe
2009-04-27 11:44 . 2009-04-27 11:44 24064 ----a-w c:\windows\system32\loader266.exe
2009-04-26 20:44 . 2009-04-26 20:44 -------- d-----w c:\documents and settings\sam\Application Data\pidle
2009-04-15 16:59 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:59 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:59 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:58 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 16:58 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 08:46 . 2009-04-26 17:20 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-15 08:46 . 2009-04-15 08:46 1409 ----a-w c:\windows\QTFont.for
2009-04-13 04:23 . 2009-04-13 04:23 -------- d-sh--w C:\FOUND.073
2009-04-13 03:53 . 2009-04-13 03:53 -------- d-sh--w C:\FOUND.072
2009-04-07 08:00 . 2009-04-07 08:00 -------- d-sh--w C:\FOUND.071
2009-03-31 18:51 . 2009-03-31 18:51 -------- d-sh--w C:\FOUND.070
2009-03-31 18:27 . 2009-03-31 18:27 -------- d-sh--w C:\FOUND.069
2009-03-30 10:04 . 2009-03-30 10:04 -------- d-sh--w C:\FOUND.068
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 13:34 . 2009-04-27 12:44 1258 ----a-w C:\rapport.txt
2009-04-27 10:30 . 2009-01-27 10:30 79872 --sha-w C:\ARKA.tmp
2009-04-27 10:30 . 2009-01-27 10:30 87552 --sha-w C:\ARKB.tmp
2009-04-22 10:27 . 2005-01-23 10:37 78148 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 10:27 . 2005-01-23 10:37 476284 ----a-w c:\windows\system32\perfh00C.dat
2009-03-24 19:20 . 2006-06-25 15:49 51800 ----a-w c:\documents and settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 19:12 . 2009-03-24 19:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-24 19:11 . 2009-03-24 19:11 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Microsoft
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-24 19:02 . 2009-03-24 19:02 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-03-21 14:20 . 2004-08-05 04:00 1051136 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 08:42 . 2009-03-20 08:42 -------- d-----w c:\documents and settings\sam\Application Data\Mumble
2009-03-20 08:39 . 2009-03-20 08:39 -------- d-----w c:\program files\Mumble
2009-03-11 16:59 . 2008-05-09 10:24 268 ---ha-w C:\sqmdata03.sqm
2009-03-11 16:59 . 2008-05-09 10:24 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-06 14:46 . 2004-08-05 03:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 12:12 . 2008-09-10 21:00 3476 ----a-w c:\program files\mpc7.reg
2009-03-03 12:12 . 2008-09-10 21:00 680 ----a-w c:\program files\mpc2.reg
2009-03-03 12:12 . 2008-09-10 21:00 558 ----a-w c:\program files\mpc1.reg
2009-03-03 12:12 . 2008-09-10 21:00 3554 ----a-w c:\program files\ffdssetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 31570 ----a-w c:\program files\ffdsvsetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 3026 ----a-w c:\program files\mpc3.reg
2009-03-03 12:12 . 2008-09-10 21:00 18156 ----a-w c:\program files\mpc6.reg
2009-03-03 12:12 . 2008-09-10 21:00 16240 ----a-w c:\program files\mpc5.reg
2009-03-03 12:12 . 2008-09-10 21:00 1292 ----a-w c:\program files\ffdsasetts.reg
2009-03-03 00:13 . 2005-07-03 01:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:13 . 2005-07-03 01:16 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-02-28 04:54 . 2007-08-13 16:43 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-25 09:43 . 2008-05-08 22:35 268 ---ha-w C:\sqmdata02.sqm
2009-02-25 09:43 . 2008-05-08 22:35 244 ---ha-w C:\sqmnoopt02.sqm
2009-02-24 17:19 . 2007-10-31 15:51 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-24 17:19 . 2007-10-31 15:51 232 ---ha-w C:\sqmdata01.sqm
2009-02-20 10:20 . 2007-12-16 17:00 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 16:39 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2004-08-05 03:00 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:50 . 2006-12-19 17:22 2017792 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:50 . 2006-12-19 17:22 2059776 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 11:50 . 2005-03-02 17:07 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2006-12-19 17:22 2182528 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:50 . 2006-12-19 17:22 2138112 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:50 . 2005-03-02 17:08 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-08-05 03:00 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 17:39 . 2009-02-06 17:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:10 . 2009-02-03 20:10 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:10 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-01 14:18 . 2009-02-01 14:15 249856 ------w c:\windows\Setup1.exe
2009-02-01 14:18 . 2009-02-01 14:15 73216 ----a-w c:\windows\ST6UNST.EXE
2008-10-18 09:49 . 2006-12-10 12:14 51216 ----a-w c:\documents and settings\sam\Application Data\GDIPFONTCACHEV1.DAT
2008-09-10 21:00 . 2008-09-10 20:59 4688 ----a-w c:\program files\satsukidecodersettings.ini
2007-12-01 14:22 . 2007-12-01 14:22 126 ----a-w c:\documents and settings\sam\Local Settings\Application Data\fusioncache.dat
2007-11-01 17:57 . 2007-11-01 17:57 27140 ----a-w c:\documents and settings\sam\TB2Categories000.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:83c595e7a /A:* /L:English /KBD:2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\reminder-Enregistrement du produit ScanSoft.lnk
backup=c:\windows\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1234:TCP"= 1234:TCP:mon port 1234
R2 gupdate1c9a431286796c0;Google Update Service (gupdate1c9a431286796c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-05 3584]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-05-24 3712]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db0d770a-1c54-11dd-93ec-4d6564696130}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
Contenu du dossier 'Tâches planifiées'
2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 22:12]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-pidle - c:\documents and settings\sam\Application Data\pidle\pidle.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\nd3a1c.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll
SharedTaskScheduler-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
ShellExecuteHooks-{BF0CA4FC-6378-4062-B546-3CDE8A28B1E0} - (no file)
Notify-ssqNGXQJ - (no file)
Notify-WgaLogon - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\sgzs1f5v.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 16:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3424)
c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Fichiers communs\Microsoft Shared\Web Components\10\1036\OWCI10.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
.
**************************************************************************
.
Heure de fin: 2009-04-27 16:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-27 14:48
Avant-CF: 14 568 587 264 octets libres
Après-CF: 15 800 893 440 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
434 --- E O F --- 2009-04-16 10:57
I am currently working on the second step ...
thanks in any case
here is the ComboFix report:
ComboFix 09-04-25.A3 - sam 27/04/2009 16:41.4 - FAT32x86
Lancé depuis: c:\documents and settings\sam\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\sam\LOCALS~1\Temp\mousehook.dll
c:\docume~1\sam\LOCALS~1\Temp\ntdll64.dll
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\sam\Application Data\Microsoft\dtsc
c:\documents and settings\sam\Application Data\Microsoft\dtsc\s
c:\documents and settings\sam\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\network monitor
c:\program files\network monitor\netmon.exe
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\vtmp2
c:\temp\vtmp2\ktnv33.log
c:\windows\accesss.exe
c:\windows\astctl32.ocx
c:\windows\avpcc.dll
c:\windows\clrssn.exe
c:\windows\cpan.dll
c:\windows\ctfmon32.exe
c:\windows\ctrlpan.dll
c:\windows\default.htm
c:\windows\directx32.exe
c:\windows\dnsrelay.dll
c:\windows\editpad.exe
c:\windows\explore.exe
c:\windows\explorer32.exe
c:\windows\funniest.exe
c:\windows\funny.exe
c:\windows\gfmnaaa.dll
c:\windows\helpcvs.exe
c:\windows\iedll.exe
c:\windows\iexplorer.exe
c:\windows\inetinf.exe
c:\windows\internet.exe
c:\windows\loader.exe
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\msconfd.dll
c:\windows\msspi.dll
c:\windows\mssys.exe
c:\windows\msupdate.exe
c:\windows\mswsc10.dll
c:\windows\mswsc20.dll
c:\windows\mtwirl32.dll
c:\windows\muotr.so
c:\windows\notepad32.exe
c:\windows\olehelp.exe
c:\windows\qttasks.exe
c:\windows\quicken.exe
c:\windows\rundll16.exe
c:\windows\rundll32.vbe
c:\windows\searchword.dll
c:\windows\sistem.exe
c:\windows\svchost32.exe
c:\windows\svcinit.exe
c:\windows\systeem.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\atmtd.dll
c:\windows\system32\atmtd.dll._
c:\windows\system32\drivers\ovfsthwfdefisqsjkxehnqtbkixyrurpyolvdb.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hljwugsf.bin
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ilevobam.ini
c:\windows\system32\msnav32.ax
c:\windows\system32\MUtvGfhk.ini
c:\windows\system32\MUtvGfhk.ini2
c:\windows\system32\ntdll64.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\olebudom.ini
c:\windows\system32\ovfsthkxbjhsjycbhaxrjasvchhnoobcmuwksa.dat
c:\windows\system32\ovfsthpllbkcqtfklrfymuhdbtuflhiacygtln.dll
c:\windows\system32\ovfsthqnnqqtcfpeduilttpuvqufqensnuxxrf.dat
c:\windows\system32\ovfsthtfrqdsxljmpocbxofcqcbjokwjvvunul.dll
c:\windows\system32\ovfsthurpfvjanpsumilafpklgehulyopdxgec.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\Process.exe
c:\windows\system32\rpryxetd.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winpfz33.sys
c:\windows\system32\WS2Fix.exe
c:\windows\system32\yhs783ijfo3fe.dll
c:\windows\system32\zxdnt3d.cfg
c:\windows\systemcritical.exe
c:\windows\TEMP\ntdll64.dll
c:\windows\time.exe
c:\windows\users32.exe
c:\windows\waol.exe
c:\windows\win32e.exe
c:\windows\win64.exe
c:\windows\winajbm.dll
c:\windows\window.exe
c:\windows\winmgnt.exe
c:\windows\x.exe
c:\windows\xplugin.dll
c:\windows\xxxvideo.hta
c:\windows\y.exe
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ovfsthctklwnbkpfsdqatwfhfemkuwtdtbvvrc
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Legacy_PLUGPLAYRPC
-------\Service_Boonty Games
-------\Service_MsSecurity1.209.4
-------\Service_Network Monitor
-------\Service_PlugPlayRPC
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-27 au 2009-4-27 ))))))))))))))))))))))))))))))))))))
.
2009-04-27 12:35 . 2009-04-27 12:36 4096 ----a-w c:\windows\system32\winglsetup.exe
2009-04-27 11:44 . 2009-04-27 11:44 24064 ----a-w c:\windows\system32\loader266.exe
2009-04-26 20:44 . 2009-04-26 20:44 -------- d-----w c:\documents and settings\sam\Application Data\pidle
2009-04-15 16:59 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:59 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:59 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:58 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 16:58 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 08:46 . 2009-04-26 17:20 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-15 08:46 . 2009-04-15 08:46 1409 ----a-w c:\windows\QTFont.for
2009-04-13 04:23 . 2009-04-13 04:23 -------- d-sh--w C:\FOUND.073
2009-04-13 03:53 . 2009-04-13 03:53 -------- d-sh--w C:\FOUND.072
2009-04-07 08:00 . 2009-04-07 08:00 -------- d-sh--w C:\FOUND.071
2009-03-31 18:51 . 2009-03-31 18:51 -------- d-sh--w C:\FOUND.070
2009-03-31 18:27 . 2009-03-31 18:27 -------- d-sh--w C:\FOUND.069
2009-03-30 10:04 . 2009-03-30 10:04 -------- d-sh--w C:\FOUND.068
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 13:34 . 2009-04-27 12:44 1258 ----a-w C:\rapport.txt
2009-04-27 10:30 . 2009-01-27 10:30 79872 --sha-w C:\ARKA.tmp
2009-04-27 10:30 . 2009-01-27 10:30 87552 --sha-w C:\ARKB.tmp
2009-04-22 10:27 . 2005-01-23 10:37 78148 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 10:27 . 2005-01-23 10:37 476284 ----a-w c:\windows\system32\perfh00C.dat
2009-03-24 19:20 . 2006-06-25 15:49 51800 ----a-w c:\documents and settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 19:12 . 2009-03-24 19:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-24 19:11 . 2009-03-24 19:11 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Microsoft
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-24 19:02 . 2009-03-24 19:02 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-03-21 14:20 . 2004-08-05 04:00 1051136 ----a-w c:\windows\system32\dllcache\kernel32.dll
2009-03-20 08:42 . 2009-03-20 08:42 -------- d-----w c:\documents and settings\sam\Application Data\Mumble
2009-03-20 08:39 . 2009-03-20 08:39 -------- d-----w c:\program files\Mumble
2009-03-11 16:59 . 2008-05-09 10:24 268 ---ha-w C:\sqmdata03.sqm
2009-03-11 16:59 . 2008-05-09 10:24 244 ---ha-w C:\sqmnoopt03.sqm
2009-03-06 14:46 . 2004-08-05 03:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 12:12 . 2008-09-10 21:00 3476 ----a-w c:\program files\mpc7.reg
2009-03-03 12:12 . 2008-09-10 21:00 680 ----a-w c:\program files\mpc2.reg
2009-03-03 12:12 . 2008-09-10 21:00 558 ----a-w c:\program files\mpc1.reg
2009-03-03 12:12 . 2008-09-10 21:00 3554 ----a-w c:\program files\ffdssetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 31570 ----a-w c:\program files\ffdsvsetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 3026 ----a-w c:\program files\mpc3.reg
2009-03-03 12:12 . 2008-09-10 21:00 18156 ----a-w c:\program files\mpc6.reg
2009-03-03 12:12 . 2008-09-10 21:00 16240 ----a-w c:\program files\mpc5.reg
2009-03-03 12:12 . 2008-09-10 21:00 1292 ----a-w c:\program files\ffdsasetts.reg
2009-03-03 00:13 . 2005-07-03 01:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 00:13 . 2005-07-03 01:16 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-02-28 04:54 . 2007-08-13 16:43 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-25 09:43 . 2008-05-08 22:35 268 ---ha-w C:\sqmdata02.sqm
2009-02-25 09:43 . 2008-05-08 22:35 244 ---ha-w C:\sqmnoopt02.sqm
2009-02-24 17:19 . 2007-10-31 15:51 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-24 17:19 . 2007-10-31 15:51 232 ---ha-w C:\sqmdata01.sqm
2009-02-20 10:20 . 2007-12-16 17:00 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-13 16:39 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2004-08-05 03:00 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:50 . 2006-12-19 17:22 2017792 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 11:50 . 2006-12-19 17:22 2059776 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 11:50 . 2005-03-02 17:07 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2006-12-19 17:22 2182528 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 11:50 . 2006-12-19 17:22 2138112 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 11:50 . 2005-03-02 17:08 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\dllcache\rpcss.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 10:20 . 2004-08-05 03:00 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 17:39 . 2009-02-06 17:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:10 . 2009-02-03 20:10 55808 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 20:10 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-01 14:18 . 2009-02-01 14:15 249856 ------w c:\windows\Setup1.exe
2009-02-01 14:18 . 2009-02-01 14:15 73216 ----a-w c:\windows\ST6UNST.EXE
2008-10-18 09:49 . 2006-12-10 12:14 51216 ----a-w c:\documents and settings\sam\Application Data\GDIPFONTCACHEV1.DAT
2008-09-10 21:00 . 2008-09-10 20:59 4688 ----a-w c:\program files\satsukidecodersettings.ini
2007-12-01 14:22 . 2007-12-01 14:22 126 ----a-w c:\documents and settings\sam\Local Settings\Application Data\fusioncache.dat
2007-11-01 17:57 . 2007-11-01 17:57 27140 ----a-w c:\documents and settings\sam\TB2Categories000.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:83c595e7a /A:* /L:English /KBD:2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\reminder-Enregistrement du produit ScanSoft.lnk
backup=c:\windows\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1234:TCP"= 1234:TCP:mon port 1234
R2 gupdate1c9a431286796c0;Google Update Service (gupdate1c9a431286796c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-05 3584]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-05-24 3712]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db0d770a-1c54-11dd-93ec-4d6564696130}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe
.
Contenu du dossier 'Tâches planifiées'
2009-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 22:12]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-pidle - c:\documents and settings\sam\Application Data\pidle\pidle.exe
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\nd3a1c.exe
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll
SharedTaskScheduler-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
ShellExecuteHooks-{BF0CA4FC-6378-4062-B546-3CDE8A28B1E0} - (no file)
Notify-ssqNGXQJ - (no file)
Notify-WgaLogon - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\sgzs1f5v.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 16:45
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3424)
c:\progra~1\FICHIE~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Fichiers communs\Microsoft Shared\Web Components\10\1036\OWCI10.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
.
**************************************************************************
.
Heure de fin: 2009-04-27 16:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-27 14:48
Avant-CF: 14 568 587 264 octets libres
Après-CF: 15 800 893 440 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn
434 --- E O F --- 2009-04-16 10:57
I am currently working on the second step ...
thanks a lot in any case
...
"a waste of time on this kind of log... no? ...
Granted, we will save time; but, ...
isn't it more judicious to run standard tools for this or that infection.
Not long ago, I got told off by a "mod/helper" who criticized me for running Malwarebytes right from the start ... !!!
So, for me, this forum's disinfection policy lacks consistency.
Listen, sorry for having started a controversy ^^!
In any case, thank you all for your replies, which really helped me, since I don't know much about this!
Thank you, and keep it up, don't change a thing ;)
Have a good evening
Whoa!!
Don't leave, it's not finished... and you didn't start any controversy at all!
Did you do what he asked?
That is, running Toolbar S&D?
See post 2!
Yes, I did it, sorry, I had forgotten to send the report, since I no longer had any problems (no more weird messages etc. etc.)
Here it is, and thanks:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : sam ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
C:\ (Local Disk) - FAT32 - Total:72 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:73 Go (Free:3 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (Local Disk) - FAT32 - Total:698 Go (Free:57 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 27/04/2009|19:16 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\sam\APPLIC~1\Search Settings
C:\DOCUME~1\sam\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\sam\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\sam\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\sam\APPLIC~1\Search Settings\kb127\temp\ws-14358.log
C:\DOCUME~1\sam\APPLIC~1\Search Settings\kb127\temp\ws-14360.log
C:\DOCUME~1\sam\APPLIC~1\Search Settings\kb127\temp\ws-14361.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\temp
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\WINDOWS\Prefetch\WAVVSNET.TMP-195010E3.pf
-----------\\ Extensions
(sam) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://home.sweetim.com/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\sam\Application Data\uTorrent\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar.torrent
C:\DOCUME~1\sam\Application Data\uTorrent\Avast AntiVirus PRO Edition v4.8.1169 + Keygen + 9 Serials.torrent
1 - "C:\ToolBar SD\TB_1.txt" - 27/04/2009|19:17 - Option : [1]
-----------\\ Fin du rapport a 19:17:04,37
Thanks again ^^
(glad I didn't start a controversy lol)
...
Relaunch Toolbar-S&D by double-clicking the shortcut.
Choose option 2, then confirm by pressing Enter.
Do not close the window during the removal!
A report is generated. Post it in your next reply.
PS: if your desktop does not reappear, press
Ctrl/Alt/Del simultaneously to open the Task Manager.
Go to the "Processes" tab; click "File" at the top left
and choose "Run..."
Type explorer, then confirm.
For the rest (lop.com, etc ...), I'll hand over to chimay.
Good luck with the disinfection.
OK, I've just done it by typing 2, here it is:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : sam ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
C:\ (Local Disk) - FAT32 - Total:72 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:73 Go (Free:3 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (Local Disk) - FAT32 - Total:698 Go (Free:57 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 27/04/2009|19:49 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\sam\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\WINDOWS\Prefetch\WAVVSNET.TMP-195010E3.pf
Supprime! - C:\DOCUME~1\sam\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(sam) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\sam\Application Data\uTorrent\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar.torrent
C:\DOCUME~1\sam\Application Data\uTorrent\Avast AntiVirus PRO Edition v4.8.1169 + Keygen + 9 Serials.torrent
1 - "C:\ToolBar SD\TB_1.txt" - 27/04/2009|19:17 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 27/04/2009|19:49 - Option : [2]
-----------\\ Fin du rapport a 19:49:48,15
It doesn't look conclusive, does it??
OK, here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:56, on 27/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:56, on 27/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Good,
Run HijackThis again (scan only) and check these lines:
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
Click on Fix checked.
Next,
Download Lop S&D by Eric71.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Double-click it to start the installation.
Double-click the Lop S&D shortcut on your desktop.
Select the language you want, then choose Option 1 (Search).
Wait until the scan finishes.
Post the report it generates (it is located here: C:\lopR.txt).
If the Desktop does not reappear, press Ctrl + Alt + Del, choose the File tab, then click New Task; then type explorer.exe and confirm.
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : sam ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
C:\ (Local Disk) - FAT32 - Total:72 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:73 Go (Free:3 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (Local Disk) - FAT32 - Total:698 Go (Free:57 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 27/04/2009|21:51 )
--------------------\\ Listing des dossiers dans APPLIC~1
[22/03/2006|08:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[23/01/2005|12:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[23/01/2005|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[23/01/2005|12:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[30/08/2007|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05/05/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[05/12/2008|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\aHisoft
[04/07/2007|15:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[27/07/2006|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/08/2007|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[01/11/2007|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[09/07/2006|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[22/03/2006|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[02/11/2007|08:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eBay
[22/05/2006|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eConsole
[10/06/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[16/06/2006|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/11/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[22/05/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[22/05/2008|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[24/06/2007|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/08/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[18/03/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[20/05/2006|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/01/2005|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/01/2009|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[30/05/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[25/04/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[29/03/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
[08/12/2007|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[21/07/2008|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[21/07/2008|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
[15/11/2008|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/07/2008|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[31/10/2007|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/01/2005|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[13/05/2007|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[13/05/2007|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
[16/12/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[11/08/2006|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/04/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2009|22:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[23/01/2005|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[16/06/2006|20:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[09/08/2007|15:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[10/06/2008|21:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[10/06/2008|21:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[23/01/2005|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[23/05/2006|13:00] C:\DOCUME~1\sam\APPLIC~1\Adobe
[17/06/2006|12:32] C:\DOCUME~1\sam\APPLIC~1\AdobeUM
[27/07/2006|16:51] C:\DOCUME~1\sam\APPLIC~1\Apple Computer
[04/02/2007|09:53] C:\DOCUME~1\sam\APPLIC~1\ArcSoft
[30/04/2008|16:22] C:\DOCUME~1\sam\APPLIC~1\Atari
[09/08/2007|15:22] C:\DOCUME~1\sam\APPLIC~1\AVG7
[30/11/2006|17:55] C:\DOCUME~1\sam\APPLIC~1\Canon
[22/03/2006|08:58] C:\DOCUME~1\sam\APPLIC~1\CyberLink
[27/02/2007|18:38] C:\DOCUME~1\sam\APPLIC~1\DivX
[05/12/2007|12:57] C:\DOCUME~1\sam\APPLIC~1\dvdcss
[02/11/2007|08:25] C:\DOCUME~1\sam\APPLIC~1\eBay
[10/07/2007|10:26] C:\DOCUME~1\sam\APPLIC~1\F-Secure
[16/06/2006|20:43] C:\DOCUME~1\sam\APPLIC~1\Google
[27/06/2007|19:20] C:\DOCUME~1\sam\APPLIC~1\Help
[23/06/2008|20:20] C:\DOCUME~1\sam\APPLIC~1\HLSW
[07/11/2007|13:35] C:\DOCUME~1\sam\APPLIC~1\ICQ
[07/11/2007|13:37] C:\DOCUME~1\sam\APPLIC~1\ICQ Toolbar
[23/01/2005|12:07] C:\DOCUME~1\sam\APPLIC~1\Identities
[10/07/2007|10:22] C:\DOCUME~1\sam\APPLIC~1\ispnews
[20/05/2006|17:00] C:\DOCUME~1\sam\APPLIC~1\Lavasoft
[16/05/2008|16:41] C:\DOCUME~1\sam\APPLIC~1\LimeWire
[19/10/2006|20:46] C:\DOCUME~1\sam\APPLIC~1\Lionhead Studios
[15/12/2007|19:27] C:\DOCUME~1\sam\APPLIC~1\Logitech
[21/05/2006|12:27] C:\DOCUME~1\sam\APPLIC~1\Macromedia
[30/05/2008|07:30] C:\DOCUME~1\sam\APPLIC~1\Media Player Classic
[23/02/2007|18:50] C:\DOCUME~1\sam\APPLIC~1\Messaging-Names
[23/01/2005|11:51] C:\DOCUME~1\sam\APPLIC~1\Microsoft
[08/07/2007|15:26] C:\DOCUME~1\sam\APPLIC~1\Mozilla
[20/03/2009|10:42] C:\DOCUME~1\sam\APPLIC~1\Mumble
[25/04/2008|22:04] C:\DOCUME~1\sam\APPLIC~1\Nero
[08/07/2007|15:26] C:\DOCUME~1\sam\APPLIC~1\Nvu
[20/05/2006|18:55] C:\DOCUME~1\sam\APPLIC~1\OpenOffice.org2
[04/02/2008|15:07] C:\DOCUME~1\sam\APPLIC~1\Opera
[10/07/2007|10:26] C:\DOCUME~1\sam\APPLIC~1\PEX
[26/04/2009|22:44] C:\DOCUME~1\sam\APPLIC~1\pidle
[23/03/2007|21:03] C:\DOCUME~1\sam\APPLIC~1\Real
[05/03/2007|19:00] C:\DOCUME~1\sam\APPLIC~1\Screenshot Sender
[28/05/2007|22:55] C:\DOCUME~1\sam\APPLIC~1\Sphinx
[20/05/2006|18:06] C:\DOCUME~1\sam\APPLIC~1\Sun
[23/01/2005|12:13] C:\DOCUME~1\sam\APPLIC~1\Symantec
[05/06/2008|08:42] C:\DOCUME~1\sam\APPLIC~1\TaoUSign
[01/04/2008|17:10] C:\DOCUME~1\sam\APPLIC~1\teamspeak2
[07/02/2008|20:00] C:\DOCUME~1\sam\APPLIC~1\uTorrent
[26/11/2008|08:42] C:\DOCUME~1\sam\APPLIC~1\vlc
[18/07/2007|15:41] C:\DOCUME~1\sam\APPLIC~1\WholeSecurity
[01/11/2007|12:20] C:\DOCUME~1\sam\APPLIC~1\WinRAR
[21/11/2008|18:11] C:\DOCUME~1\sam\APPLIC~1\Yahoo!
[01/01/2009|22:51] C:\DOCUME~1\sam\APPLIC~1\Zylom
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[27/04/2009 20:57][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[14/04/2009 21:55][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[27/04/2009 16:58][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[13/04/2008|21:31] C:\Program Files\3nity CD DVD Burner
[25/01/2009|18:32] C:\Program Files\5 LUXOR GAMES FULL
[22/03/2006|08:42] C:\Program Files\Acer
[23/01/2005|12:10] C:\Program Files\Adobe
[07/09/2006|17:48] C:\Program Files\Alwil Software
[23/01/2005|12:16] C:\Program Files\AMD
[10/12/2006|12:09] C:\Program Files\Apple Software Update
[30/11/2006|17:21] C:\Program Files\ArcSoft
[30/04/2008|16:26] C:\Program Files\Atari
[08/10/2008|20:39] C:\Program Files\AV Vcs 6.0 DIAMOND
[20/11/2008|20:53] C:\Program Files\Avira
[21/08/2006|22:03] C:\Program Files\AxBx
[01/11/2007|17:54] C:\Program Files\Bluetack
[18/06/2007|22:58] C:\Program Files\Boonty
[30/11/2006|17:21] C:\Program Files\Caere
[18/12/2007|13:56] C:\Program Files\Canon
[01/11/2007|11:17] C:\Program Files\CCleaner
[25/07/2008|01:00] C:\Program Files\Code de la Route pour les Nuls
[23/01/2005|11:56] C:\Program Files\ComPlus Applications
[23/01/2005|12:13] C:\Program Files\CyberLink
[02/08/2006|20:32] C:\Program Files\directx
[24/02/2007|17:27] C:\Program Files\DivX
[18/07/2007|15:41] C:\Program Files\eBay
[20/05/2006|19:27] C:\Program Files\eMule
[10/06/2008|21:36] C:\Program Files\ESET
[27/06/2007|19:20] C:\Program Files\ETAJV PC
[23/01/2005|11:52] C:\Program Files\Fichiers communs
[02/05/2008|20:01] C:\Program Files\Free Audio Pack
[09/07/2007|16:10] C:\Program Files\F-Secure Internet Security
[11/09/2007|19:37] C:\Program Files\GEOGRAPHIE
[16/06/2006|20:43] C:\Program Files\Google
[09/08/2007|15:22] C:\Program Files\Grisoft
[23/06/2008|20:20] C:\Program Files\HLSW
[07/11/2007|13:36] C:\Program Files\ICQToolbar
[23/01/2005|12:07] C:\Program Files\InstallShield Installation Information
[02/08/2006|20:30] C:\Program Files\InterActual
[23/01/2005|11:56] C:\Program Files\Internet Explorer
[03/05/2008|09:45] C:\Program Files\iPod
[03/05/2008|09:45] C:\Program Files\iTunes
[22/03/2006|08:39] C:\Program Files\Java
[16/02/2008|12:49] C:\Program Files\Labtec
[08/02/2008|23:04] C:\Program Files\Lecteur CANALPLAY
[15/12/2007|19:23] C:\Program Files\Logitech
[13/01/2009|23:29] C:\Program Files\Luxor 3
[02/01/2009|11:54] C:\Program Files\Luxor Amun Rising
[27/06/2007|18:46] C:\Program Files\Maxis
[11/08/2007|23:38] C:\Program Files\Média-Kit
[23/01/2005|11:55] C:\Program Files\Messenger
[05/03/2007|18:59] C:\Program Files\Messenger Plus! Live
[20/05/2006|16:19] C:\Program Files\MessengerPlus! 3
[24/03/2009|21:09] C:\Program Files\Microsoft
[12/04/2008|23:51] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[23/01/2005|11:58] C:\Program Files\microsoft frontpage
[07/12/2006|20:51] C:\Program Files\Microsoft Office
[24/03/2009|21:12] C:\Program Files\Microsoft Silverlight
[24/03/2009|21:11] C:\Program Files\Microsoft SQL Server Compact Edition
[23/01/2005|11:56] C:\Program Files\Movie Maker
[21/11/2008|19:48] C:\Program Files\Mozilla Firefox
[30/05/2008|10:36] C:\Program Files\MPEGTOAVI
[23/01/2005|11:55] C:\Program Files\MSN
[23/01/2005|11:55] C:\Program Files\MSN Gaming Zone
[20/05/2006|16:51] C:\Program Files\MSN Messenger
[17/02/2008|21:28] C:\Program Files\MSXML 4.0
[20/03/2009|10:39] C:\Program Files\Mumble
[12/08/2007|21:59] C:\Program Files\Namo
[10/06/2008|22:33] C:\Program Files\Navilog1
[30/05/2008|10:43] C:\Program Files\NCH Software
[25/04/2008|20:54] C:\Program Files\Nero
[23/01/2005|11:56] C:\Program Files\NetMeeting
[23/01/2005|12:11] C:\Program Files\NewTech Infosystems
[16/11/2007|13:08] C:\Program Files\Norton Security Scan
[08/07/2007|15:26] C:\Program Files\Nvu
[13/05/2007|12:48] C:\Program Files\Oberon Media
[23/01/2005|11:55] C:\Program Files\Online Services
[20/05/2006|18:53] C:\Program Files\OpenOffice.org 2.0
[04/02/2008|15:06] C:\Program Files\Opera
[23/01/2005|11:56] C:\Program Files\Outlook Express
[21/07/2008|20:55] C:\Program Files\Pinnacle
[12/08/2007|21:43] C:\Program Files\Popims
[03/05/2008|09:43] C:\Program Files\QuickTime
[23/03/2007|21:04] C:\Program Files\Real
[16/09/2007|18:03] C:\Program Files\Realtek AC97
[05/12/2006|13:34] C:\Program Files\SAGEM
[30/05/2008|12:57] C:\Program Files\Satsuki Decoder Pack
[23/01/2005|11:57] C:\Program Files\Services en ligne
[26/06/2007|17:15] C:\Program Files\SimCity 4
[21/07/2008|21:03] C:\Program Files\SmartSound Software
[31/10/2007|20:49] C:\Program Files\Spybot - Search & Destroy
[19/05/2007|14:50] C:\Program Files\Stardock
[15/09/2007|21:11] C:\Program Files\Steam
[01/02/2009|16:15] C:\Program Files\SubSync
[24/10/2008|12:56] C:\Program Files\Sun
[01/04/2008|17:15] C:\Program Files\Teamspeak2_RC2
[13/12/2008|13:54] C:\Program Files\TimeAdjuster
[01/11/2007|13:05] C:\Program Files\Trend Micro
[17/05/2008|10:26] C:\Program Files\TSO
[23/01/2005|12:07] C:\Program Files\Uninstall Information
[01/02/2009|16:31] C:\Program Files\URUSoft
[07/02/2008|20:00] C:\Program Files\uTorrent
[05/12/2008|16:36] C:\Program Files\VDOWNLOADER
[16/10/2007|12:11] C:\Program Files\VideoLAN
[18/03/2008|16:33] C:\Program Files\Western Digital
[18/03/2008|16:29] C:\Program Files\Western Digital Technologies
[11/04/2008|10:07] C:\Program Files\Windows Live
[02/03/2007|15:16] C:\Program Files\Windows Live Safety Center
[24/03/2009|21:09] C:\Program Files\Windows Live SkyDrive
[31/12/2006|12:57] C:\Program Files\Windows Media Connect 2
[23/01/2005|11:55] C:\Program Files\Windows Media Player
[23/01/2005|11:55] C:\Program Files\Windows NT
[23/01/2005|11:57] C:\Program Files\WindowsUpdate
[26/07/2006|23:00] C:\Program Files\WinRAR
[03/06/2006|13:32] C:\Program Files\WinZip
[23/01/2005|11:58] C:\Program Files\xerox
[21/11/2008|18:09] C:\Program Files\Yahoo!
[01/01/2009|22:51] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[23/01/2005|12:10] C:\Program Files\Fichiers communs\Adobe
[05/05/2008|20:01] C:\Program Files\Fichiers communs\Adobe Systems Shared
[14/06/2008|15:35] C:\Program Files\Fichiers communs\AIPTEK HD-DV
[18/01/2008|11:58] C:\Program Files\Fichiers communs\Apple
[22/03/2006|08:41] C:\Program Files\Fichiers communs\ArcSoft
[27/10/2007|14:02] C:\Program Files\Fichiers communs\BitDefender
[09/07/2006|17:17] C:\Program Files\Fichiers communs\BOONTY Shared
[30/11/2006|17:21] C:\Program Files\Fichiers communs\Caere
[07/12/2006|20:51] C:\Program Files\Fichiers communs\Designer
[23/01/2005|12:05] C:\Program Files\Fichiers communs\InstallShield
[22/03/2006|08:39] C:\Program Files\Fichiers communs\Java
[16/02/2008|12:51] C:\Program Files\Fichiers communs\Labtec
[16/02/2008|12:50] C:\Program Files\Fichiers communs\LogiShrd
[15/04/2007|21:14] C:\Program Files\Fichiers communs\Logitech
[23/01/2005|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[23/01/2005|11:56] C:\Program Files\Fichiers communs\MSSoap
[23/01/2005|12:12] C:\Program Files\Fichiers communs\muvee Technologies
[25/04/2008|20:54] C:\Program Files\Fichiers communs\Nero
[23/01/2005|12:11] C:\Program Files\Fichiers communs\NewTech Infosystems
[26/04/2007|20:33] C:\Program Files\Fichiers communs\NSV
[23/01/2005|11:52] C:\Program Files\Fichiers communs\ODBC
[30/04/2008|16:27] C:\Program Files\Fichiers communs\PocketSoft
[23/03/2007|21:04] C:\Program Files\Fichiers communs\Real
[23/01/2005|11:56] C:\Program Files\Fichiers communs\Services
[16/08/2007|22:28] C:\Program Files\Fichiers communs\Softwin
[23/01/2005|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[16/11/2007|14:47] C:\Program Files\Fichiers communs\Symantec Shared
[23/01/2005|11:56] C:\Program Files\Fichiers communs\System
[24/03/2009|21:02] C:\Program Files\Fichiers communs\Windows Live
[11/04/2008|10:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[23/03/2007|21:04] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 38 Processes )
iexplore.exe ~ [PID:2508]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\sam\Cookies\sam@advertising[2].txt
C:\DOCUME~1\sam\Cookies\sam@advertising[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 21:52:12
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\sam\Application Data\uTorrent\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar.torrent
C:\DOCUME~1\sam\Application Data\uTorrent\Avast AntiVirus PRO Edition v4.8.1169 + Keygen + 9 Serials.torrent
[F:15][D:6]-> C:\DOCUME~1\sam\LOCALS~1\Temp
[F:201][D:0]-> C:\DOCUME~1\sam\Cookies
[F:5016][D:8]-> C:\DOCUME~1\sam\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 27/04/2009|21:52 - Option : [1]
--------------------\\ Fin du rapport a 21:52:30
Thanks again
Well, you're almost done!
Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
*** Do not close the window during the removal ***
A report will be created; post its contents here.
Also post a new HijackThis report to check that the ticked lines have not come back.
Hello!!!
Here is the Toolbar report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : sam ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
C:\ (Local Disk) - FAT32 - Total:72 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:73 Go (Free:3 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (Local Disk) - FAT32 - Total:698 Go (Free:57 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 28/04/2009|10:27 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(sam) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://home.sweetim.com/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\sam\Application Data\uTorrent\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar.torrent
C:\DOCUME~1\sam\Application Data\uTorrent\Avast AntiVirus PRO Edition v4.8.1169 + Keygen + 9 Serials.torrent
1 - "C:\ToolBar SD\TB_1.txt" - 27/04/2009|19:17 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 27/04/2009|19:49 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 28/04/2009|10:28 - Option : [2]
-----------\\ Fin du rapport a 10:28:17,21
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:03, on 28/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Oops, sorry, I used the wrong instruction sheet.
Relaunch LOP S&D
This time choose Option 2 ( Suppression )
Do not close the window during the removal!
Post the generated report ( C:\lopR.txt )
( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab,
New Task, type explorer.exe and confirm )
Here is the report:
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3400+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : sam ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
C:\ (Local Disk) - FAT32 - Total:72 Go (Free:14 Go)
D:\ (Local Disk) - FAT32 - Total:73 Go (Free:3 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (Local Disk) - FAT32 - Total:698 Go (Free:57 Go)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 28/04/2009|11:21 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\sam\Cookies\sam@advertising[2].txt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[22/03/2006|08:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
[23/01/2005|12:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[23/01/2005|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[23/01/2005|12:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[30/08/2007|01:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05/05/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[05/12/2008|16:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\aHisoft
[04/07/2007|15:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[27/07/2006|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/08/2007|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg7
[01/11/2007|18:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[09/07/2006|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[22/03/2006|08:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[02/11/2007|08:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eBay
[22/05/2006|13:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\eConsole
[10/06/2008|21:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
[16/06/2006|20:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[01/11/2007|10:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[22/05/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[22/05/2008|23:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[24/06/2007|02:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[18/08/2007|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[18/03/2008|16:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Memeo
[20/05/2006|16:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/01/2005|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/01/2009|23:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[30/05/2008|10:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Software
[25/04/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[29/03/2008|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NtiDvdCopy
[08/12/2007|17:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[21/07/2008|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[21/07/2008|20:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle Studio
[15/11/2008|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[21/07/2008|21:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc
[31/10/2007|20:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[23/01/2005|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[13/05/2007|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[13/05/2007|12:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TERMINAL Studio
[16/12/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
[11/08/2006|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/04/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2009|22:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[23/01/2005|11:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[16/06/2006|20:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[09/08/2007|15:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\AVG7
[10/06/2008|21:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[10/06/2008|21:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[23/01/2005|11:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[23/05/2006|13:00] C:\DOCUME~1\sam\APPLIC~1\Adobe
[17/06/2006|12:32] C:\DOCUME~1\sam\APPLIC~1\AdobeUM
[27/07/2006|16:51] C:\DOCUME~1\sam\APPLIC~1\Apple Computer
[04/02/2007|09:53] C:\DOCUME~1\sam\APPLIC~1\ArcSoft
[30/04/2008|16:22] C:\DOCUME~1\sam\APPLIC~1\Atari
[09/08/2007|15:22] C:\DOCUME~1\sam\APPLIC~1\AVG7
[30/11/2006|17:55] C:\DOCUME~1\sam\APPLIC~1\Canon
[22/03/2006|08:58] C:\DOCUME~1\sam\APPLIC~1\CyberLink
[27/02/2007|18:38] C:\DOCUME~1\sam\APPLIC~1\DivX
[05/12/2007|12:57] C:\DOCUME~1\sam\APPLIC~1\dvdcss
[02/11/2007|08:25] C:\DOCUME~1\sam\APPLIC~1\eBay
[10/07/2007|10:26] C:\DOCUME~1\sam\APPLIC~1\F-Secure
[16/06/2006|20:43] C:\DOCUME~1\sam\APPLIC~1\Google
[27/06/2007|19:20] C:\DOCUME~1\sam\APPLIC~1\Help
[23/06/2008|20:20] C:\DOCUME~1\sam\APPLIC~1\HLSW
[07/11/2007|13:35] C:\DOCUME~1\sam\APPLIC~1\ICQ
[07/11/2007|13:37] C:\DOCUME~1\sam\APPLIC~1\ICQ Toolbar
[23/01/2005|12:07] C:\DOCUME~1\sam\APPLIC~1\Identities
[10/07/2007|10:22] C:\DOCUME~1\sam\APPLIC~1\ispnews
[20/05/2006|17:00] C:\DOCUME~1\sam\APPLIC~1\Lavasoft
[16/05/2008|16:41] C:\DOCUME~1\sam\APPLIC~1\LimeWire
[19/10/2006|20:46] C:\DOCUME~1\sam\APPLIC~1\Lionhead Studios
[15/12/2007|19:27] C:\DOCUME~1\sam\APPLIC~1\Logitech
[21/05/2006|12:27] C:\DOCUME~1\sam\APPLIC~1\Macromedia
[30/05/2008|07:30] C:\DOCUME~1\sam\APPLIC~1\Media Player Classic
[23/02/2007|18:50] C:\DOCUME~1\sam\APPLIC~1\Messaging-Names
[23/01/2005|11:51] C:\DOCUME~1\sam\APPLIC~1\Microsoft
[08/07/2007|15:26] C:\DOCUME~1\sam\APPLIC~1\Mozilla
[20/03/2009|10:42] C:\DOCUME~1\sam\APPLIC~1\Mumble
[25/04/2008|22:04] C:\DOCUME~1\sam\APPLIC~1\Nero
[08/07/2007|15:26] C:\DOCUME~1\sam\APPLIC~1\Nvu
[20/05/2006|18:55] C:\DOCUME~1\sam\APPLIC~1\OpenOffice.org2
[04/02/2008|15:07] C:\DOCUME~1\sam\APPLIC~1\Opera
[10/07/2007|10:26] C:\DOCUME~1\sam\APPLIC~1\PEX
[26/04/2009|22:44] C:\DOCUME~1\sam\APPLIC~1\pidle
[23/03/2007|21:03] C:\DOCUME~1\sam\APPLIC~1\Real
[05/03/2007|19:00] C:\DOCUME~1\sam\APPLIC~1\Screenshot Sender
[28/05/2007|22:55] C:\DOCUME~1\sam\APPLIC~1\Sphinx
[20/05/2006|18:06] C:\DOCUME~1\sam\APPLIC~1\Sun
[23/01/2005|12:13] C:\DOCUME~1\sam\APPLIC~1\Symantec
[05/06/2008|08:42] C:\DOCUME~1\sam\APPLIC~1\TaoUSign
[01/04/2008|17:10] C:\DOCUME~1\sam\APPLIC~1\teamspeak2
[07/02/2008|20:00] C:\DOCUME~1\sam\APPLIC~1\uTorrent
[26/11/2008|08:42] C:\DOCUME~1\sam\APPLIC~1\vlc
[18/07/2007|15:41] C:\DOCUME~1\sam\APPLIC~1\WholeSecurity
[01/11/2007|12:20] C:\DOCUME~1\sam\APPLIC~1\WinRAR
[21/11/2008|18:11] C:\DOCUME~1\sam\APPLIC~1\Yahoo!
[01/01/2009|22:51] C:\DOCUME~1\sam\APPLIC~1\Zylom
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[28/04/2009 10:21][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[14/04/2009 21:55][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/04/2009 10:21][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[13/04/2008|21:31] C:\Program Files\3nity CD DVD Burner
[25/01/2009|18:32] C:\Program Files\5 LUXOR GAMES FULL
[22/03/2006|08:42] C:\Program Files\Acer
[23/01/2005|12:10] C:\Program Files\Adobe
[07/09/2006|17:48] C:\Program Files\Alwil Software
[23/01/2005|12:16] C:\Program Files\AMD
[10/12/2006|12:09] C:\Program Files\Apple Software Update
[30/11/2006|17:21] C:\Program Files\ArcSoft
[30/04/2008|16:26] C:\Program Files\Atari
[08/10/2008|20:39] C:\Program Files\AV Vcs 6.0 DIAMOND
[20/11/2008|20:53] C:\Program Files\Avira
[21/08/2006|22:03] C:\Program Files\AxBx
[01/11/2007|17:54] C:\Program Files\Bluetack
[18/06/2007|22:58] C:\Program Files\Boonty
[30/11/2006|17:21] C:\Program Files\Caere
[18/12/2007|13:56] C:\Program Files\Canon
[01/11/2007|11:17] C:\Program Files\CCleaner
[25/07/2008|01:00] C:\Program Files\Code de la Route pour les Nuls
[23/01/2005|11:56] C:\Program Files\ComPlus Applications
[23/01/2005|12:13] C:\Program Files\CyberLink
[02/08/2006|20:32] C:\Program Files\directx
[24/02/2007|17:27] C:\Program Files\DivX
[18/07/2007|15:41] C:\Program Files\eBay
[20/05/2006|19:27] C:\Program Files\eMule
[10/06/2008|21:36] C:\Program Files\ESET
[27/06/2007|19:20] C:\Program Files\ETAJV PC
[23/01/2005|11:52] C:\Program Files\Fichiers communs
[02/05/2008|20:01] C:\Program Files\Free Audio Pack
[09/07/2007|16:10] C:\Program Files\F-Secure Internet Security
[11/09/2007|19:37] C:\Program Files\GEOGRAPHIE
[16/06/2006|20:43] C:\Program Files\Google
[09/08/2007|15:22] C:\Program Files\Grisoft
[23/06/2008|20:20] C:\Program Files\HLSW
[07/11/2007|13:36] C:\Program Files\ICQToolbar
[23/01/2005|12:07] C:\Program Files\InstallShield Installation Information
[02/08/2006|20:30] C:\Program Files\InterActual
[23/01/2005|11:56] C:\Program Files\Internet Explorer
[03/05/2008|09:45] C:\Program Files\iPod
[03/05/2008|09:45] C:\Program Files\iTunes
[22/03/2006|08:39] C:\Program Files\Java
[16/02/2008|12:49] C:\Program Files\Labtec
[08/02/2008|23:04] C:\Program Files\Lecteur CANALPLAY
[15/12/2007|19:23] C:\Program Files\Logitech
[13/01/2009|23:29] C:\Program Files\Luxor 3
[02/01/2009|11:54] C:\Program Files\Luxor Amun Rising
[27/06/2007|18:46] C:\Program Files\Maxis
[11/08/2007|23:38] C:\Program Files\Média-Kit
[23/01/2005|11:55] C:\Program Files\Messenger
[05/03/2007|18:59] C:\Program Files\Messenger Plus! Live
[20/05/2006|16:19] C:\Program Files\MessengerPlus! 3
[24/03/2009|21:09] C:\Program Files\Microsoft
[12/04/2008|23:51] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[23/01/2005|11:58] C:\Program Files\microsoft frontpage
[07/12/2006|20:51] C:\Program Files\Microsoft Office
[24/03/2009|21:12] C:\Program Files\Microsoft Silverlight
[24/03/2009|21:11] C:\Program Files\Microsoft SQL Server Compact Edition
[23/01/2005|11:56] C:\Program Files\Movie Maker
[21/11/2008|19:48] C:\Program Files\Mozilla Firefox
[30/05/2008|10:36] C:\Program Files\MPEGTOAVI
[23/01/2005|11:55] C:\Program Files\MSN
[23/01/2005|11:55] C:\Program Files\MSN Gaming Zone
[20/05/2006|16:51] C:\Program Files\MSN Messenger
[17/02/2008|21:28] C:\Program Files\MSXML 4.0
[20/03/2009|10:39] C:\Program Files\Mumble
[12/08/2007|21:59] C:\Program Files\Namo
[10/06/2008|22:33] C:\Program Files\Navilog1
[30/05/2008|10:43] C:\Program Files\NCH Software
[25/04/2008|20:54] C:\Program Files\Nero
[23/01/2005|11:56] C:\Program Files\NetMeeting
[23/01/2005|12:11] C:\Program Files\NewTech Infosystems
[16/11/2007|13:08] C:\Program Files\Norton Security Scan
[08/07/2007|15:26] C:\Program Files\Nvu
[13/05/2007|12:48] C:\Program Files\Oberon Media
[23/01/2005|11:55] C:\Program Files\Online Services
[20/05/2006|18:53] C:\Program Files\OpenOffice.org 2.0
[04/02/2008|15:06] C:\Program Files\Opera
[23/01/2005|11:56] C:\Program Files\Outlook Express
[21/07/2008|20:55] C:\Program Files\Pinnacle
[12/08/2007|21:43] C:\Program Files\Popims
[03/05/2008|09:43] C:\Program Files\QuickTime
[23/03/2007|21:04] C:\Program Files\Real
[16/09/2007|18:03] C:\Program Files\Realtek AC97
[05/12/2006|13:34] C:\Program Files\SAGEM
[30/05/2008|12:57] C:\Program Files\Satsuki Decoder Pack
[23/01/2005|11:57] C:\Program Files\Services en ligne
[26/06/2007|17:15] C:\Program Files\SimCity 4
[21/07/2008|21:03] C:\Program Files\SmartSound Software
[31/10/2007|20:49] C:\Program Files\Spybot - Search & Destroy
[19/05/2007|14:50] C:\Program Files\Stardock
[15/09/2007|21:11] C:\Program Files\Steam
[01/02/2009|16:15] C:\Program Files\SubSync
[24/10/2008|12:56] C:\Program Files\Sun
[01/04/2008|17:15] C:\Program Files\Teamspeak2_RC2
[13/12/2008|13:54] C:\Program Files\TimeAdjuster
[01/11/2007|13:05] C:\Program Files\Trend Micro
[17/05/2008|10:26] C:\Program Files\TSO
[23/01/2005|12:07] C:\Program Files\Uninstall Information
[01/02/2009|16:31] C:\Program Files\URUSoft
[07/02/2008|20:00] C:\Program Files\uTorrent
[05/12/2008|16:36] C:\Program Files\VDOWNLOADER
[16/10/2007|12:11] C:\Program Files\VideoLAN
[18/03/2008|16:33] C:\Program Files\Western Digital
[18/03/2008|16:29] C:\Program Files\Western Digital Technologies
[11/04/2008|10:07] C:\Program Files\Windows Live
[02/03/2007|15:16] C:\Program Files\Windows Live Safety Center
[24/03/2009|21:09] C:\Program Files\Windows Live SkyDrive
[31/12/2006|12:57] C:\Program Files\Windows Media Connect 2
[23/01/2005|11:55] C:\Program Files\Windows Media Player
[23/01/2005|11:55] C:\Program Files\Windows NT
[23/01/2005|11:57] C:\Program Files\WindowsUpdate
[26/07/2006|23:00] C:\Program Files\WinRAR
[03/06/2006|13:32] C:\Program Files\WinZip
[23/01/2005|11:58] C:\Program Files\xerox
[21/11/2008|18:09] C:\Program Files\Yahoo!
[01/01/2009|22:51] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[23/01/2005|12:10] C:\Program Files\Fichiers communs\Adobe
[05/05/2008|20:01] C:\Program Files\Fichiers communs\Adobe Systems Shared
[14/06/2008|15:35] C:\Program Files\Fichiers communs\AIPTEK HD-DV
[18/01/2008|11:58] C:\Program Files\Fichiers communs\Apple
[22/03/2006|08:41] C:\Program Files\Fichiers communs\ArcSoft
[27/10/2007|14:02] C:\Program Files\Fichiers communs\BitDefender
[09/07/2006|17:17] C:\Program Files\Fichiers communs\BOONTY Shared
[30/11/2006|17:21] C:\Program Files\Fichiers communs\Caere
[07/12/2006|20:51] C:\Program Files\Fichiers communs\Designer
[23/01/2005|12:05] C:\Program Files\Fichiers communs\InstallShield
[22/03/2006|08:39] C:\Program Files\Fichiers communs\Java
[16/02/2008|12:51] C:\Program Files\Fichiers communs\Labtec
[16/02/2008|12:50] C:\Program Files\Fichiers communs\LogiShrd
[15/04/2007|21:14] C:\Program Files\Fichiers communs\Logitech
[23/01/2005|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[23/01/2005|11:56] C:\Program Files\Fichiers communs\MSSoap
[23/01/2005|12:12] C:\Program Files\Fichiers communs\muvee Technologies
[25/04/2008|20:54] C:\Program Files\Fichiers communs\Nero
[23/01/2005|12:11] C:\Program Files\Fichiers communs\NewTech Infosystems
[26/04/2007|20:33] C:\Program Files\Fichiers communs\NSV
[23/01/2005|11:52] C:\Program Files\Fichiers communs\ODBC
[30/04/2008|16:27] C:\Program Files\Fichiers communs\PocketSoft
[23/03/2007|21:04] C:\Program Files\Fichiers communs\Real
[23/01/2005|11:56] C:\Program Files\Fichiers communs\Services
[16/08/2007|22:28] C:\Program Files\Fichiers communs\Softwin
[23/01/2005|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[16/11/2007|14:47] C:\Program Files\Fichiers communs\Symantec Shared
[23/01/2005|11:56] C:\Program Files\Fichiers communs\System
[24/03/2009|21:02] C:\Program Files\Fichiers communs\Windows Live
[11/04/2008|10:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[23/03/2007|21:04] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 34 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\sam\Cookies\sam@advertising[3].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 11:22:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\sam\Application Data\uTorrent\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar.torrent
C:\DOCUME~1\sam\Application Data\uTorrent\Avast AntiVirus PRO Edition v4.8.1169 + Keygen + 9 Serials.torrent
[F:19][D:7]-> C:\DOCUME~1\sam\LOCALS~1\Temp
[F:217][D:0]-> C:\DOCUME~1\sam\Cookies
[F:6248][D:8]-> C:\DOCUME~1\sam\LOCALS~1\TEMPOR~1\content.IE5
[F:3][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 27/04/2009|21:52 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 28/04/2009|11:22 - Option : [2]
--------------------\\ Fin du rapport a 11:22:58
Thanks
[28/05/2007|22:55] C:\DOCUME~1\sam\APPLIC~1\Sphinx
[20/05/2006|18:06] C:\DOCUME~1\sam\APPLIC~1\Sun
[23/01/2005|12:13] C:\DOCUME~1\sam\APPLIC~1\Symantec
[05/06/2008|08:42] C:\DOCUME~1\sam\APPLIC~1\TaoUSign
[01/04/2008|17:10] C:\DOCUME~1\sam\APPLIC~1\teamspeak2
[07/02/2008|20:00] C:\DOCUME~1\sam\APPLIC~1\uTorrent
[26/11/2008|08:42] C:\DOCUME~1\sam\APPLIC~1\vlc
[18/07/2007|15:41] C:\DOCUME~1\sam\APPLIC~1\WholeSecurity
[01/11/2007|12:20] C:\DOCUME~1\sam\APPLIC~1\WinRAR
[21/11/2008|18:11] C:\DOCUME~1\sam\APPLIC~1\Yahoo!
[01/01/2009|22:51] C:\DOCUME~1\sam\APPLIC~1\Zylom
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[28/04/2009 10:21][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[14/04/2009 21:55][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/04/2009 10:21][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[13/04/2008|21:31] C:\Program Files\3nity CD DVD Burner
[25/01/2009|18:32] C:\Program Files\5 LUXOR GAMES FULL
[22/03/2006|08:42] C:\Program Files\Acer
[23/01/2005|12:10] C:\Program Files\Adobe
[07/09/2006|17:48] C:\Program Files\Alwil Software
[23/01/2005|12:16] C:\Program Files\AMD
[10/12/2006|12:09] C:\Program Files\Apple Software Update
[30/11/2006|17:21] C:\Program Files\ArcSoft
[30/04/2008|16:26] C:\Program Files\Atari
[08/10/2008|20:39] C:\Program Files\AV Vcs 6.0 DIAMOND
[20/11/2008|20:53] C:\Program Files\Avira
[21/08/2006|22:03] C:\Program Files\AxBx
[01/11/2007|17:54] C:\Program Files\Bluetack
[18/06/2007|22:58] C:\Program Files\Boonty
[30/11/2006|17:21] C:\Program Files\Caere
[18/12/2007|13:56] C:\Program Files\Canon
[01/11/2007|11:17] C:\Program Files\CCleaner
[25/07/2008|01:00] C:\Program Files\Code de la Route pour les Nuls
[23/01/2005|11:56] C:\Program Files\ComPlus Applications
[23/01/2005|12:13] C:\Program Files\CyberLink
[02/08/2006|20:32] C:\Program Files\directx
[24/02/2007|17:27] C:\Program Files\DivX
[18/07/2007|15:41] C:\Program Files\eBay
[20/05/2006|19:27] C:\Program Files\eMule
[10/06/2008|21:36] C:\Program Files\ESET
[27/06/2007|19:20] C:\Program Files\ETAJV PC
[23/01/2005|11:52] C:\Program Files\Fichiers communs
[02/05/2008|20:01] C:\Program Files\Free Audio Pack
[09/07/2007|16:10] C:\Program Files\F-Secure Internet Security
[11/09/2007|19:37] C:\Program Files\GEOGRAPHIE
[16/06/2006|20:43] C:\Program Files\Google
[09/08/2007|15:22] C:\Program Files\Grisoft
[23/06/2008|20:20] C:\Program Files\HLSW
[07/11/2007|13:36] C:\Program Files\ICQToolbar
[23/01/2005|12:07] C:\Program Files\InstallShield Installation Information
[02/08/2006|20:30] C:\Program Files\InterActual
[23/01/2005|11:56] C:\Program Files\Internet Explorer
[03/05/2008|09:45] C:\Program Files\iPod
[03/05/2008|09:45] C:\Program Files\iTunes
[22/03/2006|08:39] C:\Program Files\Java
[16/02/2008|12:49] C:\Program Files\Labtec
[08/02/2008|23:04] C:\Program Files\Lecteur CANALPLAY
[15/12/2007|19:23] C:\Program Files\Logitech
[13/01/2009|23:29] C:\Program Files\Luxor 3
[02/01/2009|11:54] C:\Program Files\Luxor Amun Rising
[27/06/2007|18:46] C:\Program Files\Maxis
[11/08/2007|23:38] C:\Program Files\Média-Kit
[23/01/2005|11:55] C:\Program Files\Messenger
[05/03/2007|18:59] C:\Program Files\Messenger Plus! Live
[20/05/2006|16:19] C:\Program Files\MessengerPlus! 3
[24/03/2009|21:09] C:\Program Files\Microsoft
[12/04/2008|23:51] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[23/01/2005|11:58] C:\Program Files\microsoft frontpage
[07/12/2006|20:51] C:\Program Files\Microsoft Office
[24/03/2009|21:12] C:\Program Files\Microsoft Silverlight
[24/03/2009|21:11] C:\Program Files\Microsoft SQL Server Compact Edition
[23/01/2005|11:56] C:\Program Files\Movie Maker
[21/11/2008|19:48] C:\Program Files\Mozilla Firefox
[30/05/2008|10:36] C:\Program Files\MPEGTOAVI
[23/01/2005|11:55] C:\Program Files\MSN
[23/01/2005|11:55] C:\Program Files\MSN Gaming Zone
[20/05/2006|16:51] C:\Program Files\MSN Messenger
[17/02/2008|21:28] C:\Program Files\MSXML 4.0
[20/03/2009|10:39] C:\Program Files\Mumble
[12/08/2007|21:59] C:\Program Files\Namo
[10/06/2008|22:33] C:\Program Files\Navilog1
[30/05/2008|10:43] C:\Program Files\NCH Software
[25/04/2008|20:54] C:\Program Files\Nero
[23/01/2005|11:56] C:\Program Files\NetMeeting
[23/01/2005|12:11] C:\Program Files\NewTech Infosystems
[16/11/2007|13:08] C:\Program Files\Norton Security Scan
[08/07/2007|15:26] C:\Program Files\Nvu
[13/05/2007|12:48] C:\Program Files\Oberon Media
[23/01/2005|11:55] C:\Program Files\Online Services
[20/05/2006|18:53] C:\Program Files\OpenOffice.org 2.0
[04/02/2008|15:06] C:\Program Files\Opera
[23/01/2005|11:56] C:\Program Files\Outlook Express
[21/07/2008|20:55] C:\Program Files\Pinnacle
[12/08/2007|21:43] C:\Program Files\Popims
[03/05/2008|09:43] C:\Program Files\QuickTime
[23/03/2007|21:04] C:\Program Files\Real
[16/09/2007|18:03] C:\Program Files\Realtek AC97
[05/12/2006|13:34] C:\Program Files\SAGEM
[30/05/2008|12:57] C:\Program Files\Satsuki Decoder Pack
[23/01/2005|11:57] C:\Program Files\Services en ligne
[26/06/2007|17:15] C:\Program Files\SimCity 4
[21/07/2008|21:03] C:\Program Files\SmartSound Software
[31/10/2007|20:49] C:\Program Files\Spybot - Search & Destroy
[19/05/2007|14:50] C:\Program Files\Stardock
[15/09/2007|21:11] C:\Program Files\Steam
[01/02/2009|16:15] C:\Program Files\SubSync
[24/10/2008|12:56] C:\Program Files\Sun
[01/04/2008|17:15] C:\Program Files\Teamspeak2_RC2
[13/12/2008|13:54] C:\Program Files\TimeAdjuster
[01/11/2007|13:05] C:\Program Files\Trend Micro
[17/05/2008|10:26] C:\Program Files\TSO
[23/01/2005|12:07] C:\Program Files\Uninstall Information
[01/02/2009|16:31] C:\Program Files\URUSoft
[07/02/2008|20:00] C:\Program Files\uTorrent
[05/12/2008|16:36] C:\Program Files\VDOWNLOADER
[16/10/2007|12:11] C:\Program Files\VideoLAN
[18/03/2008|16:33] C:\Program Files\Western Digital
[18/03/2008|16:29] C:\Program Files\Western Digital Technologies
[11/04/2008|10:07] C:\Program Files\Windows Live
[02/03/2007|15:16] C:\Program Files\Windows Live Safety Center
[24/03/2009|21:09] C:\Program Files\Windows Live SkyDrive
[31/12/2006|12:57] C:\Program Files\Windows Media Connect 2
[23/01/2005|11:55] C:\Program Files\Windows Media Player
[23/01/2005|11:55] C:\Program Files\Windows NT
[23/01/2005|11:57] C:\Program Files\WindowsUpdate
[26/07/2006|23:00] C:\Program Files\WinRAR
[03/06/2006|13:32] C:\Program Files\WinZip
[23/01/2005|11:58] C:\Program Files\xerox
[21/11/2008|18:09] C:\Program Files\Yahoo!
[01/01/2009|22:51] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[23/01/2005|12:10] C:\Program Files\Fichiers communs\Adobe
[05/05/2008|20:01] C:\Program Files\Fichiers communs\Adobe Systems Shared
[14/06/2008|15:35] C:\Program Files\Fichiers communs\AIPTEK HD-DV
[18/01/2008|11:58] C:\Program Files\Fichiers communs\Apple
[22/03/2006|08:41] C:\Program Files\Fichiers communs\ArcSoft
[27/10/2007|14:02] C:\Program Files\Fichiers communs\BitDefender
[09/07/2006|17:17] C:\Program Files\Fichiers communs\BOONTY Shared
[30/11/2006|17:21] C:\Program Files\Fichiers communs\Caere
[07/12/2006|20:51] C:\Program Files\Fichiers communs\Designer
[23/01/2005|12:05] C:\Program Files\Fichiers communs\InstallShield
[22/03/2006|08:39] C:\Program Files\Fichiers communs\Java
[16/02/2008|12:51] C:\Program Files\Fichiers communs\Labtec
[16/02/2008|12:50] C:\Program Files\Fichiers communs\LogiShrd
[15/04/2007|21:14] C:\Program Files\Fichiers communs\Logitech
[23/01/2005|11:52] C:\Program Files\Fichiers communs\Microsoft Shared
[23/01/2005|11:56] C:\Program Files\Fichiers communs\MSSoap
[23/01/2005|12:12] C:\Program Files\Fichiers communs\muvee Technologies
[25/04/2008|20:54] C:\Program Files\Fichiers communs\Nero
[23/01/2005|12:11] C:\Program Files\Fichiers communs\NewTech Infosystems
[26/04/2007|20:33] C:\Program Files\Fichiers communs\NSV
[23/01/2005|11:52] C:\Program Files\Fichiers communs\ODBC
[30/04/2008|16:27] C:\Program Files\Fichiers communs\PocketSoft
[23/03/2007|21:04] C:\Program Files\Fichiers communs\Real
[23/01/2005|11:56] C:\Program Files\Fichiers communs\Services
[16/08/2007|22:28] C:\Program Files\Fichiers communs\Softwin
[23/01/2005|11:52] C:\Program Files\Fichiers communs\SpeechEngines
[16/11/2007|14:47] C:\Program Files\Fichiers communs\Symantec Shared
[23/01/2005|11:56] C:\Program Files\Fichiers communs\System
[24/03/2009|21:02] C:\Program Files\Fichiers communs\Windows Live
[11/04/2008|10:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[23/03/2007|21:04] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 34 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\sam\Cookies\sam@advertising[3].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 11:22:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\sam\Application Data\uTorrent\Adobe.Photoshop.CS2.v9.0.1.FR.Incl-Crack.et.Keygen.rar.torrent
C:\DOCUME~1\sam\Application Data\uTorrent\Avast AntiVirus PRO Edition v4.8.1169 + Keygen + 9 Serials.torrent
[F:19][D:7]-> C:\DOCUME~1\sam\LOCALS~1\Temp
[F:217][D:0]-> C:\DOCUME~1\sam\Cookies
[F:6248][D:8]-> C:\DOCUME~1\sam\LOCALS~1\TEMPOR~1\content.IE5
[F:3][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 27/04/2009|21:52 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 28/04/2009|11:22 - Option : [2]
--------------------\\ Fin du rapport a 11:22:58
Thanks