Adware Purityscan / Dialer.iDialer et autres

loupdulac -  
 yenamarre -
Bonjour à tous,
après avoir un peu galéré me voici parmis vous.
J'ai récupéré vendredi dernier l'Adware.Putityscan et le dialer.idialer. A quelques reprises, sont apparus Trojan.Nebuler, Trojan.Vundo, Downloader.Trojan.
Après plusieurs manips avec notamment, Spybot, mon antivirus, AVG et CleanUp et d'autres log installés aujourd'hui.. ça a l'air d'aller mieux.
Néanmoins je voudrais être sur que tout est ok et désinstaller tous les logs qui tournent ou n'en garder que quelque uns.
Pouvez vous m'aider à nettoyer tout ça?
Je lance les divers scan et copie les rapports en suivant.
Merci de votre aide.
Configuration: Windows XP
Internet Explorer 7.0

6 réponses

  1. loupdulac Messages postés 21 Statut Membre
     
    Ad-Aware SE Build 1.06r1
    Logfile Created on:mardi 9 janvier 2007 16:40:02
    Created with Ad-Aware SE Personal, free for private use.
    Using definitions file:SE1R143 08.01.2007
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    MRU List(TAC index:0):9 total references
    Tracking Cookie(TAC index:3):3 total references
    Windows(TAC index:3):1 total references
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings
    ===========================
    Set : Search for negligible risk entries
    Set : Search for low-risk threats
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep-scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings
    ===========================
    Set : Unload recognized processes & modules during scan
    Set : Scan registry for all users instead of current user only
    Set : Always try to unload modules before deletion
    Set : During removal, unload Explorer and IE if necessary
    Set : Let Windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Include basic Ad-Aware settings in log file
    Set : Include additional Ad-Aware settings in log file
    Set : Include reference summary in log file
    Set : Include alternate data stream details in log file
    Set : Play sound at scan completion if scan locates critical objects

    09-01-2007 16:40:02 - Scan started. (Full System Scan)

    MRU List Object Recognized!
    Location: : C:\Documents and Settings\jm.navarro\recent
    Description : list of recently opened documents

    MRU List Object Recognized!
    Location: : software\microsoft\directdraw\mostrecentapplication
    Description : most recent application to use microsoft directdraw

    MRU List Object Recognized!
    Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\mediaplayer\medialibraryui
    Description : last selected node in the microsoft windows media player media library

    MRU List Object Recognized!
    Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\mediaplayer\preferences
    Description : last cd record path used in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\mediaplayer\preferences
    Description : last search path used in microsoft windows media player

    MRU List Object Recognized!
    Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\office\9.0\powerpoint\recent typeface list
    Description : list of recently used typefaces in microsoft powerpoint

    MRU List Object Recognized!
    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    MRU List Object Recognized!
    Location: : S-1-5-21-1595569382-2297305275-87640226-1006\software\microsoft\windows media\wmsdk\general
    Description : windows media sdk

    Listing running processes
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ProcessID : 644
    ThreadCreationTime : 09-01-2007 15:01:33
    BasePriority : Normal

    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 708
    ThreadCreationTime : 09-01-2007 15:01:38
    BasePriority : Normal

    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ProcessID : 732
    ThreadCreationTime : 09-01-2007 15:01:41
    BasePriority : High

    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 776
    ThreadCreationTime : 09-01-2007 15:01:44
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Applications Services et Contrôleur
    InternalName : services.exe
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : services.exe

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 788
    ThreadCreationTime : 09-01-2007 15:01:44
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : lsass.exe

    #:6 [ibmpmsvc.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 988
    ThreadCreationTime : 09-01-2007 15:01:48
    BasePriority : Normal

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1016
    ThreadCreationTime : 09-01-2007 15:01:49
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1092
    ThreadCreationTime : 09-01-2007 15:01:50
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1188
    ThreadCreationTime : 09-01-2007 15:01:50
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:10 [evteng.exe]
    FilePath : C:\Program Files\Intel\Wireless\Bin\
    ProcessID : 1256
    ThreadCreationTime : 09-01-2007 15:01:50
    BasePriority : Normal
    FileVersion : 9, 0, 1, 83
    ProductVersion : 9, 0, 1, 4
    ProductName : EvtEng Module
    CompanyName : Intel Corporation
    FileDescription : EvtEng Module
    InternalName : EvtEng
    LegalCopyright : Copyright (c) Intel Corporation 1999-2005
    OriginalFilename : EvtEng.EXE

    #:11 [s24evmon.exe]
    FilePath : C:\Program Files\Intel\Wireless\Bin\
    ProcessID : 1308
    ThreadCreationTime : 09-01-2007 15:01:51
    BasePriority : Normal
    FileVersion : 9, 0, 1, 83
    ProductVersion : 9, 0, 1, 4
    ProductName : Mobile Unit Support Service
    CompanyName : Intel Corporation
    FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
    InternalName : S24EvMon
    LegalCopyright : Copyright (c) Intel Corporation 1999-2005
    OriginalFilename : S24EvMon.exe

    #:12 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1384
    ThreadCreationTime : 09-01-2007 15:01:52
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:13 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1476
    ThreadCreationTime : 09-01-2007 15:01:53
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:14 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1656
    ThreadCreationTime : 09-01-2007 15:01:55
    BasePriority : Normal
    FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion : 5.1.2600.2696
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : spoolsv.exe

    #:15 [explorer.exe]
    FilePath : C:\WINDOWS\
    ProcessID : 668
    ThreadCreationTime : 09-01-2007 15:02:02
    BasePriority : Normal
    FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 6.00.2900.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Explorateur Windows
    InternalName : explorer
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : EXPLORER.EXE

    #:16 [guard.exe]
    FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
    ProcessID : 792
    ThreadCreationTime : 09-01-2007 15:02:02
    BasePriority : Normal
    FileVersion : 7, 5, 0, 47
    ProductVersion : 7, 5, 0, 47
    ProductName : AVG Anti-Spyware
    CompanyName : Anti-Malware Development a.s.
    FileDescription : AVG Anti-Spyware guard
    InternalName : AVG Anti-Spyware guard
    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
    OriginalFilename : guard.exe

    #:17 [ccsetmgr.exe]
    FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
    ProcessID : 1044
    ThreadCreationTime : 09-01-2007 15:02:03
    BasePriority : Normal
    FileVersion : 103.5.1.9
    ProductVersion : 103.5.1.9
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Settings Manager Service
    InternalName : ccSetMgr
    LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
    OriginalFilename : ccSetMgr.exe

    #:18 [defwatch.exe]
    FilePath : C:\Program Files\Symantec AntiVirus\
    ProcessID : 1168
    ThreadCreationTime : 09-01-2007 15:02:06
    BasePriority : Normal
    FileVersion : 10.0.0.359
    ProductVersion : 10.0.0.359
    ProductName : Symantec AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Virus Definition Daemon
    InternalName : DefWatch
    LegalCopyright : Copyright 1998 - 2005 Symantec Corporation. All rights reserved.
    OriginalFilename : DefWatch.exe

    #:19 [rrpcsb.exe]
    FilePath : C:\Program Files\IBM\IBM Rapid Restore Ultra\
    ProcessID : 1324
    ThreadCreationTime : 09-01-2007 15:02:08
    BasePriority : Normal
    FileVersion : 4,0,0,4026
    ProductVersion : 4,0,0,4026
    ProductName : rrpcsb Module
    FileDescription : rrpcsb Module
    InternalName : rrpcsb
    LegalCopyright : Copyright 2002
    OriginalFilename : rrpcsb.EXE

    #:20 [qconsvc.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 1380
    ThreadCreationTime : 09-01-2007 15:02:10
    BasePriority : Normal
    FileVersion : 3, 7, 1, 0
    ProductVersion : 3, 7, 1, 0
    ProductName : IBM ThinkPad Utility
    CompanyName : IBM Corp.
    FileDescription : IBM Access Connections - Service Component.
    InternalName : QConSvc
    LegalCopyright : Copyright (C) IBM Corp. 2001, 2005
    OriginalFilename : QConSvc.Exe
    Comments : IBM Access Connections Component.

    #:21 [regsrvc.exe]
    FilePath : C:\Program Files\Intel\Wireless\Bin\
    ProcessID : 1424
    ThreadCreationTime : 09-01-2007 15:02:11
    BasePriority : Normal
    FileVersion : 9, 0, 1, 83
    ProductVersion : 9, 0, 1, 4
    ProductName : RegSrvc Module
    CompanyName : Intel Corporation
    FileDescription : RegSrvc Module
    InternalName : RegSrvc
    LegalCopyright : Copyright (c) Intel Corporation 1999-2005
    OriginalFilename : RegSrvc.EXE
    Comments : Registry Interface for Intel Wireless Products

    #:22 [smagent.exe]
    FilePath : C:\Program Files\Analog Devices\SoundMAX\
    ProcessID : 1492
    ThreadCreationTime : 09-01-2007 15:02:11
    BasePriority : Normal
    FileVersion : 3, 2, 6, 0
    ProductVersion : 3, 2, 6, 0
    ProductName : SoundMAX service agent
    CompanyName : Analog Devices, Inc.
    FileDescription : SoundMAX service agent component
    InternalName : SMAgent
    LegalCopyright : Copyright © 2002
    OriginalFilename : SMAgent.exe

    #:23 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 912
    ThreadCreationTime : 09-01-2007 15:02:12
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:24 [rtvscan.exe]
    FilePath : C:\Program Files\Symantec AntiVirus\
    ProcessID : 1692
    ThreadCreationTime : 09-01-2007 15:02:14
    BasePriority : Normal
    FileVersion : 10.0.0.359
    ProductVersion : 10.0.0.359
    ProductName : Symantec AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.

    #:25 [tp4serv.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1844
    ThreadCreationTime : 09-01-2007 15:02:20
    BasePriority : Normal
    FileVersion : 3.12
    ProductVersion : 3.12
    ProductName : IBM PS/2 TrackPoint Support
    CompanyName : IBM Corporation
    FileDescription : IBM PS/2 TrackPoint Daemon
    InternalName : daemon.exe
    LegalCopyright : Copyright (C) IBM Corporation 1997-2003
    OriginalFilename : daemon.exe

    #:26 [hkcmd.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1852
    ThreadCreationTime : 09-01-2007 15:02:22
    BasePriority : Normal
    FileVersion : 3.0.0.3879
    ProductVersion : 7.0.0.3879
    ProductName : Intel(R) Common User Interface
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    LegalCopyright : Copyright 1999-2002, Intel Corporation
    OriginalFilename : HKCMD.EXE

    #:27 [tpkmpsvc.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1896
    ThreadCreationTime : 09-01-2007 15:02:23
    BasePriority : Normal

    #:28 [wdfmgr.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 1912
    ThreadCreationTime : 09-01-2007 15:02:23
    BasePriority : Normal
    FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
    ProductVersion : 5.2.3790.1230
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows User Mode Driver Manager
    InternalName : WdfMgr
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : WdfMgr.exe

    #:29 [ccevtmgr.exe]
    FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
    ProcessID : 1996
    ThreadCreationTime : 09-01-2007 15:02:25
    BasePriority : Normal
    FileVersion : 103.5.1.9
    ProductVersion : 103.5.1.9
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec Event Manager Service
    InternalName : ccEvtMgr
    LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
    OriginalFilename : ccEvtMgr.exe

    #:30 [tphkmgr.exe]
    FilePath : C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\
    ProcessID : 524
    ThreadCreationTime : 09-01-2007 15:02:27
    BasePriority : Above Normal

    #:31 [tponscr.exe]
    FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY\
    ProcessID : 1152
    ThreadCreationTime : 09-01-2007 15:02:29
    BasePriority : Normal

    #:32 [tpscrex.exe]
    FilePath : C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\
    ProcessID : 1164
    ThreadCreationTime : 09-01-2007 15:02:29
    BasePriority : Normal
    FileVersion : 1.06
    ProductVersion : 1.06
    ProductName : ThinkPad UltraZoom
    CompanyName : IBM Corporation
    FileDescription : ThinkPad UltraZoom
    InternalName : TPSCREX
    LegalCopyright : Copyright (c) 2000, IBM Corporation
    OriginalFilename : TpScrEx.exe

    #:33 [tfswctrl.exe]
    FilePath : C:\WINDOWS\system32\dla\
    ProcessID : 1928
    ThreadCreationTime : 09-01-2007 15:02:33
    BasePriority : Normal
    FileVersion : 1.04.08a
    CompanyName : Sonic Solutions
    FileDescription : Drive Letter Access Component
    LegalCopyright : Copyright © 2004 Sonic Solutions

    #:34 [ibmprc.exe]
    FilePath : C:\IBMTOOLS\UTILS\
    ProcessID : 2068
    ThreadCreationTime : 09-01-2007 15:02:34
    BasePriority : Normal
    FileVersion : 1, 0, 0, 3
    ProductVersion : 1, 0, 0, 1
    ProductName : ibmprc Application
    CompanyName : IBM Corp.
    FileDescription : ibmprc Application
    InternalName : ibmprc
    LegalCopyright : Copyright (C) 2004 IBM
    OriginalFilename : ibmprc.exe

    #:35 [rundll32.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2088
    ThreadCreationTime : 09-01-2007 15:02:35
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Système d'exploitation Microsoft® Windows®
    CompanyName : Microsoft Corporation
    FileDescription : Exécuter une DLL en tant qu'application
    InternalName : rundll
    LegalCopyright : © Microsoft Corporation. Tous droits réservés.
    OriginalFilename : RUNDLL.EXE

    #:36 [ccapp.exe]
    FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
    ProcessID : 2096
    ThreadCreationTime : 09-01-2007 15:02:36
    BasePriority : Normal
    FileVersion : 103.5.1.9
    ProductVersion : 103.5.1.9
    ProductName : Client and Host Security Platform
    CompanyName : Symantec Corporation
    FileDescription : Symantec User Session
    InternalName : ccApp
    LegalCopyright : Copyright (c) 2000-2005 Symantec Corporation. All rights reserved.
    OriginalFilename : ccApp.exe

    #:37 [vptray.exe]
    FilePath : C:\PROGRA~1\SYMANT~1\
    ProcessID : 2196
    ThreadCreationTime : 09-01-2007 15:02:36
    BasePriority : Normal
    FileVersion : 10.0.0.359
    ProductVersion : 10.0.0.359
    ProductName : Symantec AntiVirus
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus
    LegalCopyright : Copyright 1991 - 2005 Symantec Corporation. All rights reserved.

    #:38 [lvcomsx.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 2388
    ThreadCreationTime : 09-01-2007 15:02:38
    BasePriority : Normal
    FileVersion : 8.4.7.1036
    ProductVersion : 8.4.7.1036
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : LVCom Server
    InternalName : LVComS.exe
    LegalCopyright : (c) 1996-2005 Logitech. All rights reserved.
    OriginalFilename : LVComS.exe

    #:39 [dragdiag.exe]
    FilePath : C:\Program Files\Thomson\SpeedTouch USB\
    ProcessID : 2416
    ThreadCreationTime : 09-01-2007 15:02:40
    BasePriority : Normal
    FileVersion : 301.0.0.12
    ProductVersion : 301.0.0.12
    ProductName : SpeedTouch USB
    CompanyName : THOMSON Telecom Belgium
    FileDescription : SpeedTouch Statistics
    LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
    LegalTrademarks : SpeedTouch

    #:40 [logitray.exe]
    FilePath : C:\Program Files\Logitech\Video\
    ProcessID : 2436
    ThreadCreationTime : 09-01-2007 15:02:42
    BasePriority : Normal
    FileVersion : 8.4.7.1034
    ProductVersion : 8.4.7.1034
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : ImageStudio Tray Application
    InternalName : LogiTray.exe
    LegalCopyright : (c) 1996-2005 Logitech. All rights reserved.
    OriginalFilename : LogiTray.exe

    #:41 [smax4pnp.exe]
    FilePath : C:\Program Files\Analog Devices\SoundMAX\
    ProcessID : 2468
    ThreadCreationTime : 09-01-2007 15:02:43
    BasePriority : Normal
    FileVersion : 5, 0, 1, 57
    ProductVersion : 5, 0, 1, 57
    ProductName : SMax4PNP Application
    CompanyName : Analog Devices, Inc.
    FileDescription : SMax4PNP MFC Application
    InternalName : SMax4PNP
    LegalCopyright : Copyright (C) 2002-2004 Analog Devices
    OriginalFilename : SMax4PNP.EXE

    #:42 [tomtomhome.exe]
    FilePath : C:\Program Files\TomTom HOME\
    ProcessID : 2564
    ThreadCreationTime : 09-01-2007 15:02:47
    BasePriority : Normal

    #:43 [fxsvr2.exe]
    FilePath : C:\Program Files\Logitech\Video\
    ProcessID : 3344
    ThreadCreationTime : 09-01-2007 15:03:10
    BasePriority : Normal
    FileVersion : 8.4.7.1034
    ProductVersion : 8.4.7.1034
    ProductName : Logitech QuickCam
    CompanyName : Logitech Inc.
    FileDescription : QuickCam Framework Server
    InternalName : FxSvr.EXE
    LegalCopyright : (c) 1996-2005 Logitech. All rights reserved.
    OriginalFilename : FxSvr.EXE

    #:44 [alg.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3372
    ThreadCreationTime : 09-01-2007 15:03:12
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Application Layer Gateway Service
    InternalName : ALG.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : ALG.exe

    #:45 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ProcessID : 3908
    ThreadCreationTime : 09-01-2007 15:03:16
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:46 [avgas.exe]
    FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
    ProcessID : 552
    ThreadCreationTime : 09-01-2007 15:03:18
    BasePriority : Normal
    FileVersion : 7, 5, 0, 50
    ProductVersion : 7, 5, 0, 50
    ProductName : AVG Anti-Spyware
    CompanyName : Anti-Malware Development a.s.
    FileDescription : AVG Anti-Spyware
    InternalName : AVG Anti-Spyware
    LegalCopyright : Copyright © 2006 Anti-Malware Development a.s.
    OriginalFilename : avgas.exe

    #:47 [ctfmon.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 3300
    ThreadCreationTime : 09-01-2007 15:03:32
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : CTF Loader
    InternalName : CTFMON
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : CTFMON.EXE

    #:48 [dlg.exe]
    FilePath : C:\Program Files\Digital Line Detect\
    ProcessID : 3516
    ThreadCreationTime : 09-01-2007 15:03:47
    BasePriority : Normal
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    ProductName : BVRP Software TestLine
    CompanyName : BVRP Software
    FileDescription : Digital Line Detection
    InternalName : TestLine
    LegalCopyright : Copyright © 2003
    OriginalFilename : TestLine.exe

    #:49 [wscntfy.exe]
    FilePath : C:\WINDOWS\system32\
    ProcessID : 4036
    ThreadCreationTime : 09-01-2007 15:04:12
    BasePriority : Normal
    FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion : 5.1.2600.2180
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Windows Security Center Notification App
    InternalName : wscntfy.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : wscntfy.exe

    #:50 [ymsgr_tray.exe]
    FilePath : C:\Program Files\Yahoo!\Messenger\
    ProcessID : 2360
    ThreadCreationTime : 09-01-2007 15:04:28
    BasePriority : Normal
    FileVersion : 8,1,0,0
    ProductVersion : 8,1,0,0
    ProductName : Yahoo! Messenger
    CompanyName : Yahoo! Inc.
    FileDescription : Yahoo! Messenger Tray
    LegalCopyright : (c) 1998-2006 Yahoo! Inc. All rights reserved.

    #:51 [ad-aware.exe]
    FilePath : C:\Program Files\adaware\
    ProcessID : 2688
    ThreadCreationTime : 09-01-2007 15:39:09
    BasePriority : Normal
    FileVersion : 6.2.0.236
    ProductVersion : SE 106
    ProductName : Lavasoft Ad-Aware SE
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-Aware SE Core application
    InternalName : Ad-Aware.exe
    LegalCopyright : Copyright © Lavasoft AB Sweden
    OriginalFilename : Ad-Aware.exe
    Comments : All Rights Reserved

    Memory scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 9

    Started registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Windows Object Recognized!
    Type : RegData
    Data : notepad.exe %1
    TAC Rating : 3
    Category : Vulnerability
    Comment :
    Rootkey : HKEY_CLASSES_ROOT
    Object : regfile\shell\open\command
    Value :
    Data : notepad.exe %1

    Registry Scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 1
    Objects found so far: 10

    Started deep registry scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 10

    Started Tracking Cookie scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : jm.navarro@247realmedia[2].txt
    TAC Rating : 3
    Category : Data Miner
    Comment : Hits:18
    Value : Cookie:jm.navarro@247realmedia.com/
    Expires : 01-01-2021 01:00:00
    LastSync : Hits:18
    UseCount : 0
    Hits : 18

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : jm.navarro@247realmedia[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@247realmedia[1].txt

    Tracking Cookie Object Recognized!
    Type : IECache Entry
    Data : jm.navarro@ads.addynamix[1].txt
    TAC Rating : 3
    Category : Data Miner
    Comment :
    Value : C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@ads.addynamix[1].txt

    Tracking cookie scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 3
    Objects found so far: 13

    Deep scanning and examining files (C:)
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Disk Scan Result for C:\
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 13

    Scanning Hosts file......
    Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Hosts file scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    2872 entries scanned.
    New critical objects:0
    Objects found so far: 13

    Performing conditional scans...
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Conditional scan result:
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    New critical objects: 0
    Objects found so far: 13

    16:49:45 Scan Complete

    Summary Of This Scan
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Total scanning time:00:09:42.958
    Objects scanned:163825
    Objects identified:4
    Objects ignored:0
    New critical objects:4
    0
  2. loupdulac Messages postés 21 Statut Membre
     
    et voici le rapport Spybot

    Smitfraud-C.Toolbar888: Réglages (Clé du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

    DoubleClick: Cookie traceur (Firefox: mon profil) (Cookie, nothing done)

    MediaPlex: Cookie traceur (Firefox: mon profil) (Cookie, nothing done)

    Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)
    C:\WINDOWS\SchedLgU.Txt

    Log: Activity: Sti_Trace.log (Sauver le fichier, nothing done)
    C:\WINDOWS\Sti_Trace.log

    Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemess.log

    Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wbemprox.log

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)
    C:\WINDOWS\System32\wbem\logs\wmiprov.log

    MS Media Player: Anonymous ID (Modification du registre, nothing done)
    HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

    MS DirectDraw: Most recent application (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

    MS Office 9.0 (Word): Recently used file list (Valeur du registre, nothing done)
    HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\Office\9.0\Word\Data\Settings

    Windows Explorer: User Assistant history IE (7 fichiers) (Clé du registre, nothing done)

    HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB78 0-7743-11CF-A12B-00A
    A004AE837}\Count

    Windows Explorer: User Assistant history files (33 fichiers) (Clé du registre, nothing done)

    HKEY_USERS\S-1-5-21-1595569382-2297305275-87640226-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{7504870 0-EF1F-11D0-9888-006
    097DEACF9}\Count

    Cookie: Cookie (5) (Cookie, nothing done)

    Cache: Cache (401) (Cache, nothing done)

    Cookie: Cookie (14) (Cookie, nothing done)

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    2005-05-31 blindman.exe (1.0.0.1)
    2005-05-31 SpybotSD.exe (1.4.0.3)
    2007-01-05 TeaTimer.exe (1.5.0.2)
    2006-03-28 unins000.exe (51.41.0.0)
    2005-05-31 Update.exe (1.4.0.0)
    2007-01-02 advcheck.dll (1.2.0.0)
    2005-05-31 aports.dll (2.1.0.0)
    2005-05-31 borlndmm.dll (7.0.4.453)
    2005-05-31 delphimm.dll (7.0.4.453)
    2005-05-31 SDHelper.dll (1.4.0.0)
    2007-01-02 Tools.dll (2.0.1.0)
    2005-05-31 UnzDll.dll (1.73.1.1)
    2005-05-31 ZipDll.dll (1.73.2.0)
    2007-01-05 Includes\Beta.sbi (*)
    2005-02-16 Includes\Beta.uti (*)
    2007-01-05 Includes\Cookies.sbi (*)
    2006-12-08 Includes\Dialer.sbi (*)
    2007-01-05 Includes\DialerC.sbi (*)
    2006-11-24 Includes\Hijackers.sbi (*)
    2007-01-05 Includes\HijackersC.sbi (*)
    2006-10-27 Includes\Keyloggers.sbi (*)
    2007-01-05 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2006-12-22 Includes\Malware.sbi (*)
    2007-01-05 Includes\MalwareC.sbi (*)
    2006-10-20 Includes\PUPS.sbi (*)
    2007-01-05 Includes\PUPSC.sbi (*)
    2007-01-05 Includes\Revision.sbi (*)
    2006-12-08 Includes\Security.sbi (*)
    2007-01-05 Includes\SecurityC.sbi (*)

    2006-10-13 Includes\Spybots.sbi (*)
    2007-01-05 Includes\SpybotsC.sbi (*)
    2005-02-17 Includes\Tracks.uti (*)
    2006-12-08 Includes\Trojans.sbi (*)
    2007-01-05 Includes\TrojansC.sbi (*)

    0
  3. loupdulac Messages postés 21 Statut Membre
     
    Le log Edwigo n'existant plus dans un un lien précédent, voici le rapport fait par a-squared antimalware

    Version - a-squared Anti-Malware 2.1

    Réglages Scan:

    Objets: Mémoire, Traces, Cookies, C:\WINDOWS\,
    Scan archives: Marche
    Heuristiques: Marche
    Scan ADS: Marche

    Début du scan: 09/01/2007 17:39:16

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc Détecter: Trace.Directory.VNC
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode) Détecter: Trace.Directory.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (user-mode) Détecter: Trace.Directory.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc viewer 4 Détecter: Trace.Directory.VNCViewer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc viewer 4\run listening vnc viewer.lnk Détecter: Trace.File.VNC
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc viewer 4\run vnc viewer.lnk Détecter: Trace.File.VNC
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\configure vnc service.lnk Détecter: Trace.File.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\register vnc service.lnk Détecter: Trace.File.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\start vnc service.lnk Détecter: Trace.File.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\stop vnc service.lnk Détecter: Trace.File.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (service-mode)\unregister vnc service.lnk Détecter: Trace.File.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (user-mode)\configure user-mode settings.lnk Détecter: Trace.File.VNCServer
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\realvnc\vnc server 4 (user-mode)\run vnc server.lnk Détecter: Trace.File.VNCServer
    Key: HKEY_CLASSES_ROOT\.vnc Détecter: Trace.Registry.VNC.CommonComponents
    Key: HKEY_CLASSES_ROOT\vnc.connectioninfo Détecter: Trace.Registry.VNC.CommonComponents
    Key: HKEY_CLASSES_ROOT\.vnc Détecter: Trace.Registry.VNC
    Key: HKEY_CLASSES_ROOT\vnc.connectioninfo Détecter: Trace.Registry.VNC
    Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1 Détecter: Trace.Registry.VNC
    Key: HKEY_LOCAL_MACHINE\software\realvnc Détecter: Trace.Registry.VNC
    Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\winvnc4 Détecter: Trace.Registry.VNC
    Key: HKEY_LOCAL_MACHINE\system\currentcontrolset\services\winvnc4 Détecter: Trace.Registry.VNC
    Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\realvnc_is1 Détecter: Trace.Registry.VNCServer
    Key: HKEY_LOCAL_MACHINE\software\realvnc\winvnc4 Détecter: Trace.Registry.VNCServer
    Key: HKEY_CURRENT_USER\software\realvnc\vncviewer4 Détecter: Trace.Registry.VNCViewer
    Value: HKEY_CURRENT_USER\software\realvnc\vncviewer4 --> dummy Détecter: Trace.Registry.VNCViewer
    Value: HKEY_LOCAL_MACHINE\software\realvnc\winvnc4 --> dummy Détecter: Trace.Registry.VNCViewer
    C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@247realmedia[1].txt Détecter: Trace.TrackingCookie
    C:\Documents and Settings\jm.navarro\Cookies\jm.navarro@247realmedia[2].txt Détecter: Trace.TrackingCookie
    C:\WINDOWS\system32\kncyuedi.dll Détecter: Trojan-Spy.Win32.VBStat.j
    C:\WINDOWS\Temp\winD02.tmp.exe Détecter: Heuristic.Dialer
    C:\WINDOWS\Temp\winD2A.tmp.exe Détecter: Heuristic.Dialer
    C:\WINDOWS\Temp\winD31.tmp.exe Détecter: Heuristic.Dialer

    Scanné

    Fichiers: 11494
    Traces: 93461
    Cookies: 15
    Processus: 49

    Trouver

    Fichiers: 4
    Traces: 26
    Cookies: 2
    Processus: 0
    Clés de Registre: 0

    Fin du Scan: 09/01/2007 17:48:47
    Temps du Scan: 00:09:31
    0
  4. loupdulac Messages postés 21 Statut Membre
     
    et voici la suite du scan faite par

    a-squared Anti-Dialer 2.1

    Début du scan: 09/01/2007 17:57:11

    C:\Documents and Settings\jm.navarro\Local Settings\Temporary Internet Files\Content.IE5\TAT7QZK5\srvucc[1].exe Détecté: Dialer Possible
    C:\WINDOWS\Temp\winD02.tmp.exe Détecté: Dialer Possible
    C:\WINDOWS\Temp\winD2A.tmp.exe Détecté: Dialer Possible
    C:\WINDOWS\Temp\winD31.tmp.exe Détecté: Dialer Possible

    Fichiers: 4

    Fin du scan: 09/01/2007 18:15:37
    Temps du scan: 00:18:26
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. loupdulac Messages postés 21 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 22:31:17, on 09/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\tp4serv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Documents and Settings\jm.navarro\Bureau\Scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.broadcom.com/support/security-center
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {B1F00B0D-CBEA-CB39-BB4B-976C2468019C} - (no file)
    R3 - URLSearchHook: (no name) - {56AF4389-DC3C-DDEA-6F86-8BAD780DE496} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: (no name) - {0315EF6B-78DD-780E-8978-74129333B591} - (disabled by BHODemon)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06CA2BD6-4DCA-474B-9975-5F6E6FAE0278} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {56AF4389-DC3C-DDEA-6F86-8BAD780DE496} - (no file)
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\byknaxoq.dll (disabled by BHODemon)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {B1F00B0D-CBEA-CB39-BB4B-976C2468019C} - (no file)
    O2 - BHO: (no name) - {B4A062B6-F310-475C-9483-FABA4F8300BF} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
    O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\jyrhimfq.dll",setvm
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Program Files\a-squared Anti-Dialer\a2adguard.exe"
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {204D07F5-A3D9-4872-9A11-C750A5B52163} (PreloadX Class) - https://www.e-col.com/livelinksupport/brava/PreloadX.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://voltigeurdesmots.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in) -
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - http://chat.msn.com/controls/msnchat45.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16FE74EB-B057-4824-92A4-7BCC8F27E985}: NameServer = 80.10.246.1 80.10.246.132
    O17 - HKLM\System\CS4\Services\Tcpip\..\{16FE74EB-B057-4824-92A4-7BCC8F27E985}: NameServer = 80.10.246.1 80.10.246.132
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: awtrq - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
    O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
    O20 - Winlogon Notify: urqrqnn - urqrqnn.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winxoo32 - winxoo32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - (no file)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    0
  7. yenamarre
     
    Bonjour,
    voila j'ai une saloperie de virus sur mon pc qui se prénomme adware.purytiscan et axkugl.dll
    s'il vous plait aidez moi
    je n'y connais absolument rien en informatique
    HELP......
    MERCI
    0