Virus Kill or Mskill
Solved
marcsaunier
Hello,
My antivirus (BitDefender Pro 9+) detected what looks to me like a virus that it can neither disinfect nor move (see below, the end of the BitDefender scan report):
"
Sommaire :
C:\Program Files\Microsoft Works\Setup\PSS\wks6w2k.exe=>(CAB Sfx r)=>KILL.EXE Détecté: Application.Mskill.E
C:\Program Files\Microsoft Works\Setup\PSS\wks6w2k.exe=>(CAB Sfx r)=>KILL.EXE Désinfection impossible
C:\Program Files\Microsoft Works\Setup\PSS\wks6w2k.exe=>(CAB Sfx r)=>KILL.EXE Déplacement impossible
C:\Program Files\Microsoft Works\Setup\PSS\Wks8xp.EXE=>(CAB Sfx r)=>KILL.EXE Détecté: Application.Mskill.E
C:\Program Files\Microsoft Works\Setup\PSS\Wks8xp.EXE=>(CAB Sfx r)=>KILL.EXE Désinfection impossible
C:\Program Files\Microsoft Works\Setup\PSS\Wks8xp.EXE=>(CAB Sfx r)=>KILL.EXE Déplacement impossible
C:\Program Files\Microsoft Works\Setup\PSS\wksw2k.exe=>(CAB Sfx r)=>KILL.EXE Détecté: Application.Mskill.E
C:\Program Files\Microsoft Works\Setup\PSS\wksw2k.exe=>(CAB Sfx r)=>KILL.EXE Désinfection impossible
C:\Program Files\Microsoft Works\Setup\PSS\wksw2k.exe=>(CAB Sfx r)=>KILL.EXE Déplacement impossible
"
Does anyone know this virus, and would they be kind enough to tell me:
- whether it is slightly or very dangerous,
- ... and how to get rid of it!!
Thanks in advance for your help.
32 replies
Hi
I also have a file called tel.xls that prevents me from displaying hidden files on my computer.
When I press CTRL ALT DEL, I see an Excel file called Kill.
What should I do?
Hello,
I too have a problem with the killVBS file. I am sending you my report; how can I get rid of this problem?
Help me
Logfile of HijackThis v1.99.1
Scan saved at 19:38:15, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
C:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Rémy Maurcot\Mes documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31B41952-4E31-4050-856E-E16466B7704C} - C:\WINDOWS\system32\msgtedit.dll (file missing)
O2 - BHO: (no name) - {5608AC68-5EDC-4610-BFB1-E1A2F96C0BB5} - C:\WINDOWS\system32\pid32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S16C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: Pack Securite.lnk = C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/
O18 - Protocol: bw+0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - BackWeb Technologies Inc. - C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
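The F2 line in the log above shows the Winlogon UserInit value carrying a second entry that runs wscript.exe on killVBS.vbs at every logon. The following is an added example, not part of the thread and not HijackThis code: it triages log lines for extra UserInit entries and for O2 BHO entries whose target file is absent. The function names are hypothetical, and treating userinit.exe under WINDOWS\system32 as the only stock UserInit entry is an assumption of the example.

```python
import re

# Lines copied from the HijackThis log in the post above (not the full log).
POSTED_LINES = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O2 - BHO: (no name) - {31B41952-4E31-4050-856E-E16466B7704C} - C:\WINDOWS\system32\msgtedit.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed line showing an unmodified UserInit value, for comparison.
CLEAN_LINE = r"F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.IGNORECASE)
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")

# Assumption: the only legitimate entry is userinit.exe, either bare or under
# <drive>:\WINDOWS\system32 (or WINNT).
STOCK_USERINIT = re.compile(
    r"^(?:[a-z]:\\(?:windows|winnt)\\system32\\)?userinit(?:\.exe)?$",
    re.IGNORECASE,
)
SCRIPT_HOST = re.compile(r"\b(?:wscript|cscript)(?:\.exe)?\b", re.IGNORECASE)
SCRIPT_FILE = re.compile(r"\S+\.(?:vbs|vbe|js|jse|wsf)\b", re.IGNORECASE)


def userinit_extras(line):
    """Return the UserInit entries that are not the stock userinit.exe.

    Returns None when the line is not an F2 UserInit line at all.
    """
    m = USERINIT_RE.match(line.strip())
    if not m:
        return None
    # The value is a comma-separated list of commands run at logon.
    entries = [e.strip().strip('"') for e in m.group(1).split(",")]
    return [e for e in entries if e and not STOCK_USERINIT.match(e)]


def triage(log_text):
    """Scan HijackThis log text and return a list of findings (dicts)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        extras = userinit_extras(line)
        if extras:
            for entry in extras:
                # A script host plus a script file means a script runs at logon.
                script = SCRIPT_FILE.search(entry) if SCRIPT_HOST.search(entry) else None
                findings.append({
                    "section": "F2",
                    "issue": "script-at-logon" if script else "extra-userinit-entry",
                    "entry": entry,
                    "script": script.group(0) if script else None,
                })
            continue
        m = BHO_RE.match(line)
        # HijackThis appends these markers when the registered DLL is not on disk.
        if m and m.group(3).endswith(("(file missing)", "(no file)")):
            findings.append({
                "section": "O2",
                "issue": "bho-target-absent",
                "entry": m.group(2),
                "script": None,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(POSTED_LINES):
        print(finding)
```
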
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\killVBS.vbs
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {31B41952-4E31-4050-856E-E16466B7704C} - C:\WINDOWS\system32\msgtedit.dll (file missing)
O2 - BHO: (no name) - {5608AC68-5EDC-4610-BFB1-E1A2F96C0BB5} - C:\WINDOWS\system32\pid32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S16C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe
O4 - Global Startup: Pack Securite.lnk = C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/
O18 - Protocol: bw+0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {1A850AAD-5771-4B77-96B0-C0548B4AF5BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Pack Securite (BackWeb Plug-in - 361343) - BackWeb Technologies Inc. - C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Pack Securite\backweb\361343\program\fsbwsys.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Hi
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Restart in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt; please post it
++
Here is my ComboFix report
ComboFix 07-11-19.3 - Rémy Maurcot 2007-11-23 16:45:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1000 [GMT 1:00]
Running from: C:\Documents and Settings\Rémy Maurcot\Bureau\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-23 to 2007-11-23 ))))))))))))))))))))))))))))))))))))
.
2007-11-23 16:04 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\Talkback
2007-11-23 16:03 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-23 15:00 <REP> d-------- C:\WINDOWS\LastGood
2007-11-23 13:16 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-23 13:16 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-23 13:16 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-22 19:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\U3
2007-11-21 23:14 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-11-21 21:59 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\HP
2007-11-21 19:11 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-11-21 07:36 <REP> d---s---- C:\Documents and Settings\LocalService\Temporary Internet Files
2007-11-21 07:36 <REP> d---s---- C:\Documents and Settings\LocalService\Historique
2007-11-21 07:34 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 07:33 <REP> d-------- C:\Program Files\Spyware Doctor
2007-11-21 07:33 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\PC Tools
2007-11-21 07:16 <REP> d-------- C:\Program Files\Norton Security Scan
2007-11-20 21:53 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-20 21:53 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-20 21:47 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\Symantec
2007-11-20 21:40 <REP> d-------- C:\Program Files\Norton AntiVirus
2007-11-20 21:40 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-20 21:40 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-11-20 21:27 <REP> d-------- C:\Program Files\FlashMNT31 2008
2007-11-20 21:17 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-20 21:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-20 21:08 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-20 21:05 <REP> d-------- C:\Program Files\EPSON
2007-11-20 21:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2007-11-20 21:01 <REP> d---s---- C:\Documents and Settings\Rémy Maurcot\UserData
2007-11-20 21:01 <REP> d---s---- C:\Documents and Settings\Rémy Maurcot\UserData
2007-11-20 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-20 19:44 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Contacts
2007-11-20 19:44 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Contacts
2007-11-20 19:43 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-20 19:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-20 19:42 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-20 19:42 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-20 19:42 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-20 19:42 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-20 19:42 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-20 19:41 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-20 19:41 <REP> d-------- C:\Program Files\Windows Live Toolbar
2007-11-20 19:40 <REP> d-------- C:\Program Files\MSN Messenger
2007-11-20 19:33 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\F-Secure
2007-11-20 19:29 <REP> d-------- C:\WINDOWS\rnapxs
2007-11-20 19:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2007-11-20 19:29 1,716,224 --a------ C:\WINDOWS\system32\winsflte.dll
2007-11-20 19:29 1,183,744 --a------ C:\WINDOWS\system32\winsflt.dll
2007-11-20 19:29 70,224 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2007-11-20 19:29 33,840 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2007-11-19 21:40 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\U3
2007-11-19 21:03 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\Logitech
2007-11-19 20:58 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-11-19 20:57 <REP> d-------- C:\Program Files\eMule
2007-11-19 20:57 1,060,864 --a------ C:\WINDOWS\system32\MFC75d9b.rra
2007-11-19 20:57 143,360 --a------ C:\WINDOWS\system32\kemutb.dll
2007-11-19 20:57 90,112 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-11-19 20:57 86,016 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-11-19 20:57 65,536 --a------ C:\WINDOWS\system32\KemXML.dll
2007-11-19 20:56 <REP> d-------- C:\Program Files\Logitech
2007-11-19 20:56 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-11-19 20:56 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-11-19 20:49 <REP> d-------- C:\Program Files\backburner 2
2007-11-19 20:41 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-11-19 20:34 <REP> d-------- C:\Program Files\MSBuild
2007-11-19 20:33 <REP> d-------- C:\Program Files\Microsoft.NET
2007-11-19 20:30 <REP> d-------- C:\WINDOWS\SHELLNEW
2007-11-19 20:30 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-19 20:29 <REP> dr-h----- C:\MSOCache
2007-11-19 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-19 20:15 <REP> d-------- C:\Program Files\AutoCAD 2008
2007-11-19 20:15 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Application Data\Autodesk
2007-11-19 20:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-11-19 20:14 <REP> d-------- C:\Program Files\Fichiers communs\Autodesk Shared
2007-11-19 20:14 <REP> d-------- C:\Program Files\Autodesk
2007-11-19 20:08 <REP> d-------- C:\Program Files\Pack Securite
2007-11-19 20:08 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-361343L.exe
2007-11-19 20:06 37,055 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-11-19 20:04 2,165 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-11-19 19:02 <REP> d-------- C:\WINDOWS\BricoPacks
2007-11-19 18:49 <REP> d-------- C:\Program Files\PowerISO
2007-11-19 18:30 <REP> d-------- C:\Program Files\Neuf
2007-11-19 18:28 <REP> d---s---- C:\Documents and Settings\Rémy Maurcot\Temporary Internet Files
2007-11-19 18:28 <REP> d---s---- C:\Documents and Settings\Rémy Maurcot\Temporary Internet Files
2007-11-19 18:28 <REP> d---s---- C:\Documents and Settings\Rémy Maurcot\Historique
2007-11-19 18:28 <REP> d---s---- C:\Documents and Settings\Rémy Maurcot\Historique
2007-11-19 18:27 <REP> d--h----- C:\Documents and Settings\Rémy Maurcot\Voisinage réseau
2007-11-19 18:27 <REP> d--h----- C:\Documents and Settings\Rémy Maurcot\Voisinage réseau
2007-11-19 18:27 <REP> d--h----- C:\Documents and Settings\Rémy Maurcot\Voisinage d'impression
2007-11-19 18:27 <REP> d--h----- C:\Documents and Settings\Rémy Maurcot\Voisinage d'impression
2007-11-19 18:27 <REP> d--h----- C:\Documents and Settings\Rémy Maurcot\Modèles
2007-11-19 18:27 <REP> d--h----- C:\Documents and Settings\Rémy Maurcot\Modèles
2007-11-19 18:27 <REP> dr------- C:\Documents and Settings\Rémy Maurcot\Mes documents
2007-11-19 18:27 <REP> dr------- C:\Documents and Settings\Rémy Maurcot\Mes documents
2007-11-19 18:27 <REP> dr------- C:\Documents and Settings\Rémy Maurcot\Menu Démarrer
2007-11-19 18:27 <REP> dr------- C:\Documents and Settings\Rémy Maurcot\Menu Démarrer
2007-11-19 18:27 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Favoris
2007-11-19 18:27 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Favoris
2007-11-19 18:27 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Bureau
2007-11-19 18:27 <REP> d-------- C:\Documents and Settings\Rémy Maurcot\Bureau
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-25 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-20 19:49]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-19 20:58]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"EPSON Stylus DX5000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.exe" [2006-09-22 04:01]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 20:03]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-25 05:00 C:\WINDOWS\system32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-03-25 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-08-18 09:00 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 01:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 06:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 20:55]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-30 15:02]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 09:23]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 12:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-01-20 17:46 C:\WINDOWS\KHALMNPR.Exe]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2005-05-09 08:05]
"F-Secure TNB"="C:\Program Files\Pack Securite\TNB\TNBUtil.exe" [2005-06-02 14:05]
"F-Secure Startup Wizard"="C:\Program Files\Pack Securite\FSGUI\FSSW.exe" [2005-09-05 14:00]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-20 19:50]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 12:08]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-25 05:00]
C:\Documents and Settings\Rémy Maurcot\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 14:56:00]
Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 14:41:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Pack Securite.lnk - C:\Program Files\Pack Securite\backweb\361343\Program\fspex.exe [2007-11-19 20:08:12]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys
R2 BackWeb Plug-in - 361343;Pack Securite;C:\PROGRA~1\PACKSE~1\backweb\361343\Program\SERVIC~1.EXE
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{410ea17c-96de-11dc-b63b-0016366a4e76}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c82613c3-96c3-11dc-b638-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c82613c4-96c3-11dc-b638-806d6172696f}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c82613c5-96c3-11dc-b638-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-20 20:50:14 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Rémy Maurcot.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-11-23 12:03:58 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\PACKSE~1\ANTI-V~1\fsav.exe
"2007-11-23 13:26:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-23 16:53:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????<?@? ???????????Y?@?????<?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-23 16:57:12
.
--- E O F ---
OK,
Download Vundofix.exe (by Atribune) to your Desktop: http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button.
* A prompt will ask whether you want to delete the files; click YES.
* After you click "YES", the Desktop will disappear for a moment while the files are deleted.
* A new prompt will announce that the PC must shut down ("shutdown"). Click OK, then let it restart.
* The report is located in C:\vundofix.txt; please post it.
++
???
You did come here to ask for help, didn't you??
There are going to be quite a few reports; after that it's up to you, I'm not going to hold you back!
Hi :)
OK, please do what is described here:
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
++
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:47, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HostRAID Alert Utility\iomgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HostRAID Alert Utility\AlertUtility.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\elshan\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=https=ftp=gopher=socks=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://www.flatcast.info/objects/NpFv41629.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Adaptec HostRAID Alert Utility (HostRAIDAlertUtility) - Unknown owner - C:\Program Files\HostRAID Alert Utility\AlertUtility.exe
O23 - Service: Adaptec IO Manager Server 1.0 (IOManager) - Unknown owner - C:\Program Files\HostRAID Alert Utility\iomgr.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Rapport Lopxp fait le 28/12/2007 à 8:36:05
Exécuté dans : C:\Program Files\Lopxp
Liste des processus actifs :
PID : 620 C:\WINDOWS\System32\smss.exe
PID : 668 C:\WINDOWS\system32\csrss.exe
PID : 692 C:\WINDOWS\system32\winlogon.exe
PID : 736 C:\WINDOWS\system32\services.exe
PID : 748 C:\WINDOWS\system32\lsass.exe
PID : 912 C:\WINDOWS\system32\svchost.exe
PID : 976 C:\WINDOWS\system32\svchost.exe
PID : 1072 C:\WINDOWS\System32\svchost.exe
PID : 1140 C:\WINDOWS\system32\svchost.exe
PID : 1204 C:\WINDOWS\system32\svchost.exe
PID : 1532 C:\WINDOWS\system32\spoolsv.exe
PID : 2008 C:\WINDOWS\Explorer.EXE
PID : 324 C:\WINDOWS\system32\ctfmon.exe
PID : 368 C:\WINDOWS\svchost.exe
PID : 512 C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PID : 404 C:\Program Files\HostRAID Alert Utility\iomgr.exe
PID : 1708 C:\WINDOWS\system32\svchost.exe
PID : 1820 C:\Program Files\HostRAID Alert Utility\AlertUtility.exe
PID : 1020 C:\WINDOWS\System32\alg.exe
PID : 1112 C:\WINDOWS\system32\wscntfy.exe
PID : 3900 C:\WINDOWS\system32\wuauclt.exe
PID : 3204 C:\Program Files\Internet Explorer\iexplore.exe
PID : 3980 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
PID : 1312 C:\Documents and Settings\elshan\Desktop\HiJackThis\HijackThis.exe
PID : 2156 C:\WINDOWS\system32\NOTEPAD.EXE
PID : 2336 C:\WINDOWS\system32\cmd.exe
PID : 3740 C:\Program Files\Lopxp\tools\pv.exe
___________________________________________________________________________
[Tâches planifiées]
___________________________________________________________________________
[Listing des dossiers Application Data]
cr: Date Création | mo: Date Modification -=- Nom Long -= Nom Court (8.3)
+- C:\Documents and Settings\AKBAROV\Application Data
cr: 07/12/2007 11:35:29 | mo: 07/12/2007 11:35:29 -=- IDENTI~1 -= Identities
cr: 07/12/2007 11:35:09 | mo: 07/12/2007 11:35:12 -=- MICROS~1 -= Microsoft
+- C:\Documents and Settings\AKBAROV\Local Settings\Application Data
cr: 07/12/2007 11:35:09 | mo: 07/12/2007 19:28:20 -=- MICROS~1 -= Microsoft
+- C:\Documents and Settings\All Users\Application Data
cr: 07/12/2007 02:53:01 | mo: 07/12/2007 11:22:17 -=- MICROS~1 -= Microsoft
+- C:\Documents and Settings\All Users.WINDOWS\Application Data
cr: 18/12/2007 12:54:09 | mo: 18/12/2007 12:55:17 -=- Adobe ----= Adobe
cr: 18/12/2007 12:51:34 | mo: 26/12/2007 15:17:25 -=- Google ---= Google
cr: 08/12/2007 11:29:40 | mo: 18/12/2007 13:26:06 -=- MICROS~1 -= Microsoft
cr: 18/12/2007 05:13:55 | mo: 18/12/2007 05:13:55 -=- WINDOW~1 -= Windows Genuine Advantage
cr: 18/12/2007 13:24:02 | mo: 18/12/2007 13:24:02 -=- WLINST~1 -= WLInstaller
cr: 18/12/2007 19:14:23 | mo: 18/12/2007 19:14:23 -=- Yahoo! ---= Yahoo!
+- C:\Documents and Settings\elshan\Application Data
cr: 18/12/2007 12:55:55 | mo: 18/12/2007 19:14:25 -=- Adobe ----= Adobe
cr: 18/12/2007 12:58:16 | mo: 18/12/2007 13:18:07 -=- Google ---= Google
cr: 11/12/2007 06:32:34 | mo: 11/12/2007 06:32:34 -=- Help -----= Help
cr: 25/12/2007 15:29:27 | mo: 25/12/2007 15:29:27 -=- HEWLET~1 -= Hewlett-Packard
cr: 08/12/2007 20:17:31 | mo: 08/12/2007 20:17:31 -=- IDENTI~1 -= Identities
cr: 18/12/2007 03:45:35 | mo: 18/12/2007 03:45:35 -=- MACROM~1 -= Macromedia
cr: 08/12/2007 20:17:12 | mo: 18/12/2007 22:51:40 -=- MICROS~1 -= Microsoft
cr: 09/12/2007 04:59:27 | mo: 09/12/2007 04:59:27 -=- MICROS~2 -= Microsoft Web Folders
cr: 18/12/2007 13:12:52 | mo: 18/12/2007 13:12:52 -=- WinRAR ---= WinRAR
+- C:\Documents and Settings\elshan\Local Settings\Application Data
cr: 18/12/2007 12:55:17 | mo: 18/12/2007 12:56:25 -=- Adobe ----= Adobe
cr: 18/12/2007 12:58:16 | mo: 18/12/2007 13:02:20 -=- Google ---= Google
cr: 11/12/2007 06:32:34 | mo: 11/12/2007 06:32:34 -=- Help -----= Help
cr: 18/12/2007 09:28:46 | mo: 18/12/2007 09:28:46 -=- IDENTI~1 -= Identities
cr: 08/12/2007 20:17:12 | mo: 18/12/2007 17:24:45 -=- MICROS~1 -= Microsoft
cr: 18/12/2007 17:24:56 | mo: 18/12/2007 17:24:56 -=- WMTOOL~1 -= WMTools Downloaded Files
___________________________________________________________________________
[Listing du dossier Program Files]
+- C:\Program Files
cr: 18/12/2007 03:13:28 | mo: 18/12/2007 03:13:28 -=- ACERHO~1.1 -= Acer Homeplug Ethernet Adapter Utilities 1.1
cr: 18/12/2007 12:53:51 | mo: 18/12/2007 12:53:52 -=- Adobe ----= Adobe
cr: 07/12/2007 02:56:46 | mo: 25/12/2007 15:17:58 -=- COMMON~1 -= Common Files
cr: 07/12/2007 11:12:06 | mo: 07/12/2007 11:12:06 -=- COMPLU~1 -= ComPlus Applications
cr: 18/12/2007 12:51:14 | mo: 26/12/2007 15:25:54 -=- Google ---= Google
cr: 25/12/2007 15:14:52 | mo: 25/12/2007 15:14:52 -=- HEWLET~1 -= Hewlett-Packard
cr: 18/12/2007 03:09:44 | mo: 18/12/2007 03:09:50 -=- HOSTRA~1 -= HostRAID Alert Utility
cr: 18/12/2007 03:17:37 | mo: 18/12/2007 03:17:38 -=- intel ----= intel
cr: 07/12/2007 11:14:02 | mo: 24/12/2007 07:47:21 -=- INTERN~1 -= Internet Explorer
cr: 28/12/2007 08:35:14 | mo: 28/12/2007 08:36:08 -=- Lopxp ----= Lopxp
cr: 07/12/2007 11:10:58 | mo: 08/12/2007 19:51:06 -=- MESSEN~1 -= Messenger
cr: 07/12/2007 11:22:17 | mo: 09/12/2007 04:58:58 -=- MICROS~1 -= microsoft frontpage
cr: 09/12/2007 04:59:27 | mo: 09/12/2007 04:59:27 -=- MICROS~2 -= Microsoft Office
cr: 18/12/2007 13:29:58 | mo: 18/12/2007 13:29:58 -=- MICROS~4 -= Microsoft SQL Server Compact Edition
cr: 09/12/2007 05:01:37 | mo: 09/12/2007 05:01:37 -=- MICROS~3 -= Microsoft Visual Studio
cr: 07/12/2007 11:14:32 | mo: 07/12/2007 11:14:36 -=- MOVIEM~1 -= Movie Maker
cr: 07/12/2007 11:10:03 | mo: 09/12/2007 05:32:03 -=- MSN ------= MSN
cr: 07/12/2007 11:10:53 | mo: 07/12/2007 11:10:53 -=- MSNGAM~1 -= MSN Gaming Zone
cr: 24/12/2007 07:46:53 | mo: 24/12/2007 07:46:53 -=- MSXML4~1.0 -= MSXML 4.0
cr: 24/12/2007 07:51:13 | mo: 24/12/2007 07:51:13 -=- MSXML6~1.0 -= MSXML 6.0
cr: 07/12/2007 11:14:17 | mo: 07/12/2007 11:14:54 -=- NETMEE~1 -= NetMeeting
cr: 07/12/2007 11:11:36 | mo: 13/12/2007 10:53:32 -=- ONLINE~1 -= Online Services
cr: 07/12/2007 11:14:13 | mo: 24/12/2007 07:50:46 -=- OUTLOO~1 -= Outlook Express
cr: 18/12/2007 12:45:44 | mo: 18/12/2007 12:45:45 -=- TopDesk --= TopDesk
cr: 07/12/2007 11:35:23 | mo: 07/12/2007 11:35:23 -=- UNINST~1 -= Uninstall Information
cr: 18/12/2007 13:24:17 | mo: 18/12/2007 13:31:29 -=- WI1F86~1 -= Windows Live
cr: 07/12/2007 11:11:02 | mo: 18/12/2007 03:47:30 -=- WINDOW~2 -= Windows Media Connect 2
cr: 07/12/2007 11:11:06 | mo: 18/12/2007 03:47:24 -=- WINDOW~3 -= Windows Media Player
cr: 07/12/2007 11:10:01 | mo: 08/12/2007 19:50:39 -=- WINDOW~1 -= Windows NT
cr: 07/12/2007 11:16:23 | mo: 07/12/2007 11:16:23 -=- WINDOW~4 -= WindowsUpdate
cr: 18/12/2007 13:12:05 | mo: 18/12/2007 13:12:10 -=- WinRaR ---= WinRaR
cr: 07/12/2007 11:22:17 | mo: 07/12/2007 11:22:17 -=- xerox ----= xerox
cr: 18/12/2007 19:11:34 | mo: 26/12/2007 15:16:35 -=- Yahoo! ---= Yahoo!
___________________________________________________________________________
[Recherche programmes connus, liés à CiD]
___________________________________________________________________________
[Clés registre de démarrage]
___________________________________________________________________________
[Popups autorisés]
[-] Internet Explorer :
Aucune adresse détectée dans la liste des sites autorisés à émettre des Popups.
[-] Mozilla Firefox
[-] Suite Mozilla / SeaMonkey
___________________________________________________________________________
[Suggestion nettoyage registre]
- Aucune suggestion.
- Fin du rapport -