Interpretation hijackthis
Fermé
Franck92
Messages postés
7
Date d'inscription
vendredi 6 janvier 2006
Statut
Membre
Dernière intervention
25 janvier 2006
-
6 janv. 2006 à 23:04
aranjuez31 Messages postés 8052 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 - 25 janv. 2006 à 23:07
aranjuez31 Messages postés 8052 Date d'inscription lundi 7 novembre 2005 Statut Contributeur Dernière intervention 9 juillet 2006 - 25 janv. 2006 à 23:07
A voir également:
- Interpretation hijackthis
- Hijackthis windows 10 - Télécharger - Antivirus & Antimalwares
- HIJACKTHIS tutorial ✓ - Forum Logiciels
- Hijackthis analyse - Forum Virus
- Télécharger logiciel astrologie gratuit avec interprétation - Forum Logiciels
- Interprétation des Reves. - Forum Loisirs / Divertissements
8 réponses
Kristopher
Messages postés
3731
Date d'inscription
vendredi 18 novembre 2005
Statut
Contributeur
Dernière intervention
10 juillet 2009
106
6 janv. 2006 à 23:12
6 janv. 2006 à 23:12
Bonsoir,
-Fais toutes les mises à jour via Windows update : http://www.windowsupdate.com
-Télécharge CCleaner et lance le Nettoyeur uniquement : http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-Scanne ton PC avec cet antivirus en ligne : http://www.pandasoftware.com/activescan/fr/activescan_principal.htm
Tu peux également télécharger le logiciel SmitfraudFix crée par les pros de ce forum :)
http://siri.urz.free.fr/Fix/SmitfraudFix.zip et décompresse le.
- Exécute le, Double clic sur "Smitfraudfix.cmd", choisit l’option 1, il va générer un rapport.
Copie et colle le sur le poste
Ensuite
Fais cette manipulation :
- Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou bien F5 selon la version de Windows) et tu choisis le mode sans échec)
- Tu relances SmitfraudFix cette fois-ci en choisissant l'option 2 et tu réponds oui à tout.
Colle le nouveau rapport ensuite.
Bonne Nuit zzZZzz
-Fais toutes les mises à jour via Windows update : http://www.windowsupdate.com
-Télécharge CCleaner et lance le Nettoyeur uniquement : http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-Scanne ton PC avec cet antivirus en ligne : http://www.pandasoftware.com/activescan/fr/activescan_principal.htm
Tu peux également télécharger le logiciel SmitfraudFix crée par les pros de ce forum :)
http://siri.urz.free.fr/Fix/SmitfraudFix.zip et décompresse le.
- Exécute le, Double clic sur "Smitfraudfix.cmd", choisit l’option 1, il va générer un rapport.
Copie et colle le sur le poste
Ensuite
Fais cette manipulation :
- Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou bien F5 selon la version de Windows) et tu choisis le mode sans échec)
- Tu relances SmitfraudFix cette fois-ci en choisissant l'option 2 et tu réponds oui à tout.
Colle le nouveau rapport ensuite.
Bonne Nuit zzZZzz
aranjuez31
Messages postés
8052
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
7 janv. 2006 à 01:02
7 janv. 2006 à 01:02
bsr
d'autres devoirs à faire
les m'thodes que tout internaute se doit de posséder
avant log hijackthis1 - avoir 1 seul antivirus & 1 seul pare-feu (à jour)
2 - éviter les sites warez , p.t.p, msn, etc....
3 - être à jour de WindowsUpdate
4 - dégragmenter réguliérement (évite lenteur)
5 - n'avoir que p-f et av au démarrage ( évite lenteur)
6 - nettoyer réguliérement avec
Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
a-squared
http://www.emsisoft.net/fr/software/download/
ewido (dowload)
http://www.ewido.net/fr/download/
spycatcher express free
http://www.tenebril.com/downloads/
regcleaner ( nettoyeur de registre)
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
- et cleanup40 (nettoyeur de cookies+temps+tempos+prefetch+historique+etc..)
http://pageperso.aol.fr/balltrap34/democleanup.htm
¤Télécharger CleanUp40 (qui élimine les fichiers temporaires) sur ce lien : http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
7 - scanner online de tps à autre pour contrôle
http://assiste.free.fr/p/antivirus_gratuits_en_ligne/antivirus_en_ligne.php
8 - se souvenir que se croire bien protégé est une utopie
9 - lire et relire les bibles
http://assiste.free.fr/index.html
http://sebsauvage.net/safehex.html
______
qd tu auras fait cela relance un hijack
d'autres devoirs à faire
les m'thodes que tout internaute se doit de posséder
avant log hijackthis1 - avoir 1 seul antivirus & 1 seul pare-feu (à jour)
2 - éviter les sites warez , p.t.p, msn, etc....
3 - être à jour de WindowsUpdate
4 - dégragmenter réguliérement (évite lenteur)
5 - n'avoir que p-f et av au démarrage ( évite lenteur)
6 - nettoyer réguliérement avec
Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
Le patch en Français pour Ad-Aware (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
Spybot (gratuit) :
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
a-squared
http://www.emsisoft.net/fr/software/download/
ewido (dowload)
http://www.ewido.net/fr/download/
spycatcher express free
http://www.tenebril.com/downloads/
regcleaner ( nettoyeur de registre)
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
- et cleanup40 (nettoyeur de cookies+temps+tempos+prefetch+historique+etc..)
http://pageperso.aol.fr/balltrap34/democleanup.htm
¤Télécharger CleanUp40 (qui élimine les fichiers temporaires) sur ce lien : http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
7 - scanner online de tps à autre pour contrôle
http://assiste.free.fr/p/antivirus_gratuits_en_ligne/antivirus_en_ligne.php
8 - se souvenir que se croire bien protégé est une utopie
9 - lire et relire les bibles
http://assiste.free.fr/index.html
http://sebsauvage.net/safehex.html
______
qd tu auras fait cela relance un hijack
jpdeclermont
Messages postés
1790
Date d'inscription
mercredi 7 décembre 2005
Statut
Membre
Dernière intervention
3 septembre 2006
382
7 janv. 2006 à 01:12
7 janv. 2006 à 01:12
bonsoir,
encore un client pour l'Ukraine :))
-------------------------------
... WinErr 01B : Erreur illégale - Windows ne vous a pas autorisé à avoir cette erreur
encore un client pour l'Ukraine :))
-------------------------------
... WinErr 01B : Erreur illégale - Windows ne vous a pas autorisé à avoir cette erreur
aranjuez31
Messages postés
8052
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
10 janv. 2006 à 02:17
10 janv. 2006 à 02:17
bsr
fixe ces 016 pour le plaisir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
et celles-ci pour t'eviter l'Ukraine (dixit le clermontois)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EFBAB3C-82C7-4FF9-AE2C-3573D94CC67D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9665B43E-646B-4167-B54D-999D8E49209D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8F2670-9C6F-4F21-BB8C-32861F855686}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A1218B-F99C-45D5-BBEE-B3712BDA729D}: NameServer = 85.255.114.93 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5A3504-96BF-4148-80DF-ECB50EF31CF9}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FD69F-78C0-4E04-BA2A-B73E6A32DBBA}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
fixe ces 016 pour le plaisir
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
et celles-ci pour t'eviter l'Ukraine (dixit le clermontois)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EFBAB3C-82C7-4FF9-AE2C-3573D94CC67D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9665B43E-646B-4167-B54D-999D8E49209D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8F2670-9C6F-4F21-BB8C-32861F855686}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A1218B-F99C-45D5-BBEE-B3712BDA729D}: NameServer = 85.255.114.93 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5A3504-96BF-4148-80DF-ECB50EF31CF9}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FD69F-78C0-4E04-BA2A-B73E6A32DBBA}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
Franck92
Messages postés
7
Date d'inscription
vendredi 6 janvier 2006
Statut
Membre
Dernière intervention
25 janvier 2006
11 janv. 2006 à 23:05
11 janv. 2006 à 23:05
Bonsoir aranjuez31,
Pour ma culture, à quoi correspondent ces 017 qui peuvent "me valoir l'ukraine?"
En tout cas merci pour votre aide
Pour ma culture, à quoi correspondent ces 017 qui peuvent "me valoir l'ukraine?"
En tout cas merci pour votre aide
Kristopher
Messages postés
3731
Date d'inscription
vendredi 18 novembre 2005
Statut
Contributeur
Dernière intervention
10 juillet 2009
106
>
Franck92
Messages postés
7
Date d'inscription
vendredi 6 janvier 2006
Statut
Membre
Dernière intervention
25 janvier 2006
11 janv. 2006 à 23:20
11 janv. 2006 à 23:20
Bonsoir Franck92,
Les lignes O17 correspondent aux Pirates du domaine Lop.com
Tu trouvera plus d'info ici : http://www.zebulon.fr/articles/HijackThis.php
++
Les lignes O17 correspondent aux Pirates du domaine Lop.com
Tu trouvera plus d'info ici : http://www.zebulon.fr/articles/HijackThis.php
++
aranjuez31
Messages postés
8052
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
12 janv. 2006 à 03:09
12 janv. 2006 à 03:09
bsr
il faut être prudent avec les 017, si les derniéres précitées désignent bien un serveur dns basé en ukra, il faut savoir reconnaître les ip du fai utilisé pour ne pas couper la connection internet du "client"
bon je ne vais pas faire un cours ici .....
il faut être prudent avec les 017, si les derniéres précitées désignent bien un serveur dns basé en ukra, il faut savoir reconnaître les ip du fai utilisé pour ne pas couper la connection internet du "client"
bon je ne vais pas faire un cours ici .....
Franck92
Messages postés
7
Date d'inscription
vendredi 6 janvier 2006
Statut
Membre
Dernière intervention
25 janvier 2006
17 janv. 2006 à 21:12
17 janv. 2006 à 21:12
Merci aranjuez31 pour les infos.
En fait, effectivement quand je supprime tous les 017, je n'ai plus accés à internet.
Dois je les tester 1 par 1?
Sinon, j'ai maintenant installé Firefox comme navigateur, et jusqu'à présent (je touche du bois!!), plus de redirection intempestive depuis Google....
Sinon, toujours mon pb avec l'explorateur windows: soit ca plante, soit ca dure des plombes pour creer un nouveau dossier.
En fait, effectivement quand je supprime tous les 017, je n'ai plus accés à internet.
Dois je les tester 1 par 1?
Sinon, j'ai maintenant installé Firefox comme navigateur, et jusqu'à présent (je touche du bois!!), plus de redirection intempestive depuis Google....
Sinon, toujours mon pb avec l'explorateur windows: soit ca plante, soit ca dure des plombes pour creer un nouveau dossier.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
aranjuez31
Messages postés
8052
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
18 janv. 2006 à 00:41
18 janv. 2006 à 00:41
bonsoir franck
on te croyait mort
scan et colle rapport de
ewido (dowload)
http://www.ewido.net/fr/download/
ton hijac est trop vieux, il faut en remettre un nouveau
on te croyait mort
scan et colle rapport de
ewido (dowload)
http://www.ewido.net/fr/download/
ton hijac est trop vieux, il faut en remettre un nouveau
Franck92
Messages postés
7
Date d'inscription
vendredi 6 janvier 2006
Statut
Membre
Dernière intervention
25 janvier 2006
18 janv. 2006 à 22:13
18 janv. 2006 à 22:13
aranjuez31
Ben non pas mort, mais occupé!
ci dessous, rapport Ewido
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 22:06:04, 18/01/2006
+ Somme de contrôle: 9D73C8A1
+ Résultats du scan:
[980] VM_03530000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1012] VM_00DA0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1184] VM_009E0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3208] VM_00980000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3268] VM_00A90000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3280] VM_00920000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3360] VM_009A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3368] VM_00A20000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3380] VM_00910000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3408] VM_009D0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3568] VM_00900000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3588] VM_00A20000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3596] VM_00970000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3640] VM_00B40000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3688] VM_003B0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3736] VM_009B0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3768] VM_00E30000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2136] VM_003F0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2148] VM_00870000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2316] VM_00870000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[460] VM_00D40000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2416] VM_00380000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[552] VM_00B80000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1304] VM_003D0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
C:\Documents and Settings\Franck\Cookies\franck@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@wreport.weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@findwhat[1].txt -> Spyware.Cookie.Findwhat : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.26:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.7:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
::Fin du rapport
et un petit hijackthis pour la route!!!!
Logfile of HijackThis v1.99.1
Scan saved at 22:08:35, on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Utilitaire de gestion du LAN Wifi IEEE 802.11g\WlanUtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Franck\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MONITER] DCC_send.exe
O4 - HKLM\..\Run: [pizda] panel_its.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SAPSTR] slamm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EFBAB3C-82C7-4FF9-AE2C-3573D94CC67D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9665B43E-646B-4167-B54D-999D8E49209D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8F2670-9C6F-4F21-BB8C-32861F855686}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A1218B-F99C-45D5-BBEE-B3712BDA729D}: NameServer = 85.255.114.93 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5A3504-96BF-4148-80DF-ECB50EF31CF9}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FD69F-78C0-4E04-BA2A-B73E6A32DBBA}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O18 - Protocol: bw+0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci de ta patience pour mon pb.
J'envisage une réinstallation de XP, mais si je peux eviter!
Ben non pas mort, mais occupé!
ci dessous, rapport Ewido
ewido anti-malware - Rapport de scan
---------------------------------------------------------
+ Créé le: 22:06:04, 18/01/2006
+ Somme de contrôle: 9D73C8A1
+ Résultats du scan:
[980] VM_03530000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1012] VM_00DA0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1184] VM_009E0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3208] VM_00980000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3268] VM_00A90000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3280] VM_00920000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3360] VM_009A0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3368] VM_00A20000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3380] VM_00910000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3408] VM_009D0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3568] VM_00900000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3588] VM_00A20000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3596] VM_00970000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3640] VM_00B40000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3688] VM_003B0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3736] VM_009B0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[3768] VM_00E30000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2136] VM_003F0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2148] VM_00870000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2316] VM_00870000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[460] VM_00D40000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[2416] VM_00380000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[552] VM_00B80000 -> Downloader.Agent.uj : Erreur durant le nettoyage
[1304] VM_003D0000 -> Downloader.Agent.uj : Erreur durant le nettoyage
C:\Documents and Settings\Franck\Cookies\franck@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@wreport.weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@findwhat[1].txt -> Spyware.Cookie.Findwhat : Nettoyer et sauvegarder
C:\Documents and Settings\Franck\Cookies\franck@weborama[2].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.247realmedia : Nettoyer et sauvegarder
:mozilla.25:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.26:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder
:mozilla.27:C:\Documents and Settings\Franck\Application Data\Mozilla\Firefox\Profiles\e8ve6nwu.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.7:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder
:mozilla.9:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.10:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
:mozilla.12:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.13:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder
:mozilla.14:C:\Documents and Settings\Catherine\Application Data\Mozilla\Firefox\Profiles\oohlbf3r.default\cookies.txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder
::Fin du rapport
et un petit hijackthis pour la route!!!!
Logfile of HijackThis v1.99.1
Scan saved at 22:08:35, on 18/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Utilitaire de gestion du LAN Wifi IEEE 802.11g\WlanUtl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Franck\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MONITER] DCC_send.exe
O4 - HKLM\..\Run: [pizda] panel_its.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SAPSTR] slamm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EFBAB3C-82C7-4FF9-AE2C-3573D94CC67D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9665B43E-646B-4167-B54D-999D8E49209D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8F2670-9C6F-4F21-BB8C-32861F855686}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A1218B-F99C-45D5-BBEE-B3712BDA729D}: NameServer = 85.255.114.93 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5A3504-96BF-4148-80DF-ECB50EF31CF9}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FD69F-78C0-4E04-BA2A-B73E6A32DBBA}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O18 - Protocol: bw+0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D8CB14F9-C471-4FDB-97A7-309905504B0E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Merci de ta patience pour mon pb.
J'envisage une réinstallation de XP, mais si je peux eviter!
aranjuez31
Messages postés
8052
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
18 janv. 2006 à 23:07
18 janv. 2006 à 23:07
bjr
qu il est long ton
ya tjrs ces 017 ukrainiennes qui ne sont pas bonnes
utilise- tu apache ?
-------
ce "" Downloader.Agent.uj "" me cause blem
-------
Telecharge ceci
http://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera
qu il est long ton
ya tjrs ces 017 ukrainiennes qui ne sont pas bonnes
utilise- tu apache ?
-------
ce "" Downloader.Agent.uj "" me cause blem
-------
Telecharge ceci
http://www.silentrunners.org/Silent%20Runners.vbs
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera
Franck92
Messages postés
7
Date d'inscription
vendredi 6 janvier 2006
Statut
Membre
Dernière intervention
25 janvier 2006
24 janv. 2006 à 22:57
24 janv. 2006 à 22:57
Bonsoir aranjuez31
Je n'utilise pas apache (en tout cas, aps à ma connaissance).
J'ai telechargé silentrunners comme tu me l'as conseillé.
Quand je veux l'executer, Norton se met en branle en m'indiquant un script malveillant: que dois je faire
Merci
Je n'utilise pas apache (en tout cas, aps à ma connaissance).
J'ai telechargé silentrunners comme tu me l'as conseillé.
Quand je veux l'executer, Norton se met en branle en m'indiquant un script malveillant: que dois je faire
Merci
aranjuez31
Messages postés
8052
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
25 janv. 2006 à 00:39
25 janv. 2006 à 00:39
hello
si ton fai n'est pas en biélorussie
preuve
http://www.dnsstuff.com/tools/whois.ch?ip=85.255.114.93
tu fixes ttes les 017
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EFBAB3C-82C7-4FF9-AE2C-3573D94CC67D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9665B43E-646B-4167-B54D-999D8E49209D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8F2670-9C6F-4F21-BB8C-32861F855686}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A1218B-F99C-45D5-BBEE-B3712BDA729D}: NameServer = 85.255.114.93 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5A3504-96BF-4148-80DF-ECB50EF31CF9}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FD69F-78C0-4E04-BA2A-B73E6A32DBBA}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
+
ttes les 016
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
-----------------
"""J'ai telechargé silentrunners comme tu me l'as conseillé.
Quand je veux l'executer, Norton se met en branle en m'indiquant un script malveillant: que dois je fa""""
pour exécuter SilentTrunner tu désactives Norton
fais le hors internet bien sur
si ton fai n'est pas en biélorussie
preuve
http://www.dnsstuff.com/tools/whois.ch?ip=85.255.114.93
tu fixes ttes les 017
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EFBAB3C-82C7-4FF9-AE2C-3573D94CC67D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9665B43E-646B-4167-B54D-999D8E49209D}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E8F2670-9C6F-4F21-BB8C-32861F855686}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8A1218B-F99C-45D5-BBEE-B3712BDA729D}: NameServer = 85.255.114.93 85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB5A3504-96BF-4148-80DF-ECB50EF31CF9}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF9FD69F-78C0-4E04-BA2A-B73E6A32DBBA}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A44F261-BF77-415A-9BB3-9748457B97D4}: NameServer = 85.255.114.93,85.255.112.6
+
ttes les 016
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
-----------------
"""J'ai telechargé silentrunners comme tu me l'as conseillé.
Quand je veux l'executer, Norton se met en branle en m'indiquant un script malveillant: que dois je fa""""
pour exécuter SilentTrunner tu désactives Norton
fais le hors internet bien sur
Franck92
Messages postés
7
Date d'inscription
vendredi 6 janvier 2006
Statut
Membre
Dernière intervention
25 janvier 2006
25 janv. 2006 à 22:25
25 janv. 2006 à 22:25
Bonsoir aranjuez31,
Bon alors j'ai executé silentrunners.
Je te mets le rapport ci dessous: c'est du chinois pour moi et cela me semble bien long!!!!!
Bon courage si tu en as encore pour essayer de trouver ce qui cloche sur mon PC
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"SAPSTR" = "slamm.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"LaunchAp" = "C:\Program Files\Launch Manager\LaunchAp.exe" [empty string]
"PowerKey" = ""C:\Program Files\Launch Manager\PowerKey.exe"" [empty string]
"LManager" = "C:\Program Files\Launch Manager\HotkeyApp.exe" ["Wistron"]
"CtrlVol" = "C:\Program Files\Launch Manager\CtrlVol.exe" ["Wistron"]
"LMgrOSD" = "C:\Program Files\Launch Manager\OSDCtrl.exe" [empty string]
"Wbutton" = ""C:\Program Files\Launch Manager\Wbutton.exe"" [empty string]
"PCMService" = ""C:\Program Files\Aspire Arcade\PCMService.exe"" ["CyberLink Corp."]
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"LtMoh" = "C:\Program Files\ltmoh\Ltmoh.exe" ["Agere Systems"]
"AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MONITER" = "DCC_send.exe" [file not found]
"pizda" = "panel_its.exe" [file not found]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"preload" = "C:\Windows\RUNXMLPL.exe" ["Wistron"]
"VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]
"RegistryMechanic" = (empty string)
"dmfvw.exe" = "C:\WINDOWS\system32\dmfvw.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csdtf.exe" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Franck\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Franck" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
Enabled Scheduled Tasks:
------------------------
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"Norton AntiVirus - Analyser mon ordinateur - Franck" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]
ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 37 seconds, including 18 seconds for message boxes)
Encore merci pour ta patience!!!
Bon alors j'ai executé silentrunners.
Je te mets le rapport ci dessous: c'est du chinois pour moi et cela me semble bien long!!!!!
Bon courage si tu en as encore pour essayer de trouver ce qui cloche sur mon PC
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"SAPSTR" = "slamm.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"LaunchAp" = "C:\Program Files\Launch Manager\LaunchAp.exe" [empty string]
"PowerKey" = ""C:\Program Files\Launch Manager\PowerKey.exe"" [empty string]
"LManager" = "C:\Program Files\Launch Manager\HotkeyApp.exe" ["Wistron"]
"CtrlVol" = "C:\Program Files\Launch Manager\CtrlVol.exe" ["Wistron"]
"LMgrOSD" = "C:\Program Files\Launch Manager\OSDCtrl.exe" [empty string]
"Wbutton" = ""C:\Program Files\Launch Manager\Wbutton.exe"" [empty string]
"PCMService" = ""C:\Program Files\Aspire Arcade\PCMService.exe"" ["CyberLink Corp."]
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"LtMoh" = "C:\Program Files\ltmoh\Ltmoh.exe" ["Agere Systems"]
"AudioDeck" = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1" ["VIA Technologies, Inc."]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" ["Logitech Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"MONITER" = "DCC_send.exe" [file not found]
"pizda" = "panel_its.exe" [file not found]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"preload" = "C:\Windows\RUNXMLPL.exe" ["Wistron"]
"VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]
"RegistryMechanic" = (empty string)
"dmfvw.exe" = "C:\WINDOWS\system32\dmfvw.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
INFECTION WARNING! "System" = "csdtf.exe" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\context.dll" ["ewido networks"]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Trojan Remover\(Default) = "{52B87208-9CCF-42C9-B88E-069281105805}"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Franck\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Franck" & "All Users" startup folders:
--------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
Enabled Scheduled Tasks:
------------------------
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
"Norton AntiVirus - Analyser mon ordinateur - Franck" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" [file not found]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 2 lines
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido anti-malware\ewidoguard.exe" ["ewido networks"]
ISSvc, ISSVC, ""C:\Program Files\Norton Internet Security\ISSVC.exe"" ["Symantec Corporation"]
Notebook Manager Service, anbmService, "C:\Acer\eManager\anbmServ.exe" ["OSA Technologies Inc."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PC Tools Spyware Doctor, SDhelper, "C:\Program Files\Spyware Doctor\sdhelp.exe" ["PC Tools"]
Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 37 seconds, including 18 seconds for message boxes)
Encore merci pour ta patience!!!
aranjuez31
Messages postés
8052
Date d'inscription
lundi 7 novembre 2005
Statut
Contributeur
Dernière intervention
9 juillet 2006
354
25 janv. 2006 à 23:07
25 janv. 2006 à 23:07
bsr
notre dial n'étant pas en continu
ai un peu perdu le fil
à ce jour, où en es-tu de tes blems ?
faut me mettre un hijac plus récent
notre dial n'étant pas en continu
ai un peu perdu le fil
à ce jour, où en es-tu de tes blems ?
faut me mettre un hijac plus récent
9 janv. 2006 à 22:55
ci joint mon dernier rapport smitfraudfix:
SmitFraudFix v2.13
Rapport fait à 22:50:08,78 le 09/01/2006
Executé à partir de C:\Documents and Settings\Franck\Bureau\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Franck\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
Merci par avance pour ton aide