Virus sur google
Résolu/Fermé
A voir également:
- Virus sur google
- Google maps satellite - Guide
- Dns google - Guide
- Google maps - Guide
- Google - Guide
- Google earth - Télécharger - 3D
12 réponses
Utilisateur anonyme
17 avril 2007 à 22:15
17 avril 2007 à 22:15
:-)
Télécharge HijackThis :
---> fichiers/hijackthis.zip
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
Télécharge HijackThis :
---> fichiers/hijackthis.zip
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:59:39, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\thierry\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE SecPlugin - {F5BDC469-1EC5-4193-824B-2E209993D183} - C:\WINDOWS\SYSTEM32\bhoSearchSpy.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXELogfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:59:39, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\thierry\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE SecPlugin - {F5BDC469-1EC5-4193-824B-2E209993D183} - C:\WINDOWS\SYSTEM32\bhoSearchSpy.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.1 80.10.246.132
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Scan saved at 20:59:39, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\thierry\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE SecPlugin - {F5BDC469-1EC5-4193-824B-2E209993D183} - C:\WINDOWS\SYSTEM32\bhoSearchSpy.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXELogfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:59:39, on 17/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\thierry\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE SecPlugin - {F5BDC469-1EC5-4193-824B-2E209993D183} - C:\WINDOWS\SYSTEM32\bhoSearchSpy.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.1 80.10.246.132
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Utilisateur anonyme
18 avril 2007 à 00:07
18 avril 2007 à 00:07
Oula, y'en a beaucoup :-D
Télécharge SmitfraudFix et enregistre le sur le bureau. Si ton anti-virus t'alerte d'un virus, désactive-le.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clique sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Enregistre le rapport puis Copie/colle le rapport sur le forum stp.
¤ Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité
Kerio (pare-feu) : reste gratuit après la période d'essai en français
----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html
Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
--> http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm
Plus d'info :
->https://kerio.probb.fr/
¤ Télécharge et installe AVG anti-spyware : mets le à jour
Tu fais un scan complet de ton système, dès qu'il a fini.
Si il te trouve des espions,supprime les. Enregistre le rapport et colle le ici stp
AVG anti-spyware : reste gratuit après la période d'essai en français
---->http://www.infos-du-net.com/telecharger/Anti-Spyware-AVG,0301-7063.html
Si tu as besoin d'aide avec Ewido(devenu AVG-antispyware) regarde ce tutoriel:
--> http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
A++
Télécharge SmitfraudFix et enregistre le sur le bureau. Si ton anti-virus t'alerte d'un virus, désactive-le.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)
- Ouvre le dossier "SmitfraudFix" et double clique sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.
Enregistre le rapport puis Copie/colle le rapport sur le forum stp.
¤ Désactive le pare-feu de Windows(SP2) il ne sert à rien puis installe celui ci pour plus de sécurité
Kerio (pare-feu) : reste gratuit après la période d'essai en français
----> http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html
Regarde ce tutoriel si tu as besoin d'aide pour l'installation et la configuration de Kerio
--> http://kerio.probb.fr/Systemesd-exploitation-c1/Logiciels-et-tutoriels-gratuits-tries-par-categorie-f6/Tutoriel-pour-Kerio-4-version-gratuite-t201.htm
Plus d'info :
->https://kerio.probb.fr/
¤ Télécharge et installe AVG anti-spyware : mets le à jour
Tu fais un scan complet de ton système, dès qu'il a fini.
Si il te trouve des espions,supprime les. Enregistre le rapport et colle le ici stp
AVG anti-spyware : reste gratuit après la période d'essai en français
---->http://www.infos-du-net.com/telecharger/Anti-Spyware-AVG,0301-7063.html
Si tu as besoin d'aide avec Ewido(devenu AVG-antispyware) regarde ce tutoriel:
--> http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
A++
bojour
je me perd un peu dans l'utlisation deu forum mais bon en fait c'est plus simple que je l'imaginais.Bref j'ai suivis toutes vos instructions.voici les SmitFraudFix v2.170
Rapport fait à 19:22:09,51, 18/04/2007
Executé à partir de C:\Documents and Settings\thierry\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\bhoSearchSpy.dll supprimé
C:\DOCUME~1\thierry\Bureau\Registry Cleaner.lnk supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
rapports
je me perd un peu dans l'utlisation deu forum mais bon en fait c'est plus simple que je l'imaginais.Bref j'ai suivis toutes vos instructions.voici les SmitFraudFix v2.170
Rapport fait à 19:22:09,51, 18/04/2007
Executé à partir de C:\Documents and Settings\thierry\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\bhoSearchSpy.dll supprimé
C:\DOCUME~1\thierry\Bureau\Registry Cleaner.lnk supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
rapports
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:23:03 18/04/2007
+ Résultat de l'analyse:
C:\Program Files\DashBar -> Adware.Claria : Ignoré.
C:\Program Files\Save -> Adware.SaveNow : Ignoré.
C:\Program Files\Save\ReadMe.txt -> Adware.SaveNow : Ignoré.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignoré.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Ignoré.
C:\Program Files\MP3-NAPSTER\MP3-NAPSTER.exe -> Dialer.Generic : Ignoré.
C:\WINDOWS\SYSTEM32\HotTVPlayer.dll -> Not-A-Virus.PornDownloader.Win32.HotTV.a : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@spylog[2].txt -> TrackingCookie.Spylog : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@toplist[1].txt -> TrackingCookie.Toplist : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
Fin du rapport
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:23:03 18/04/2007
+ Résultat de l'analyse:
C:\Program Files\DashBar -> Adware.Claria : Ignoré.
C:\Program Files\Save -> Adware.SaveNow : Ignoré.
C:\Program Files\Save\ReadMe.txt -> Adware.SaveNow : Ignoré.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Ignoré.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Ignoré.
C:\Program Files\MP3-NAPSTER\MP3-NAPSTER.exe -> Dialer.Generic : Ignoré.
C:\WINDOWS\SYSTEM32\HotTVPlayer.dll -> Not-A-Virus.PornDownloader.Win32.HotTV.a : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@247realmedia[1].txt -> TrackingCookie.247realmedia : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@2o7[2].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@adtech[2].txt -> TrackingCookie.Adtech : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@estat[1].txt -> TrackingCookie.Estat : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@overture[1].txt -> TrackingCookie.Overture : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@spylog[2].txt -> TrackingCookie.Spylog : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@toplist[1].txt -> TrackingCookie.Toplist : Ignoré.
C:\Documents and Settings\thierry\Cookies\thierry@weborama[1].txt -> TrackingCookie.Weborama : Ignoré.
Fin du rapport
bonsoir
j'ai supprimé tous les problemes du scan AVG .Je ne peux toujours pas me connectr sur mon racourci Google j'arrive parfois à me connecter avec Copernic.Sunbelt kerio affiche systematiquement tentative d'intrusion C:/windows/System32/xcgylg.exe(new line).adresse de l'injection Ox00180000.souvernt j'ai une page blanche qui s'affiche avec Ad blocked here by KPF
je n'arrive pas a consulter le tutorial de Sunbelt/Kerio
Bref je patauge......
que pensez vous de tout ça ?
merci de votre réponse.
j'ai supprimé tous les problemes du scan AVG .Je ne peux toujours pas me connectr sur mon racourci Google j'arrive parfois à me connecter avec Copernic.Sunbelt kerio affiche systematiquement tentative d'intrusion C:/windows/System32/xcgylg.exe(new line).adresse de l'injection Ox00180000.souvernt j'ai une page blanche qui s'affiche avec Ad blocked here by KPF
je n'arrive pas a consulter le tutorial de Sunbelt/Kerio
Bref je patauge......
que pensez vous de tout ça ?
merci de votre réponse.
Utilisateur anonyme
19 avril 2007 à 23:32
19 avril 2007 à 23:32
Clic sur démarrer, rechercher, cherche et supprime :
- xcgylg.exe
**Si un fichier/dossier persiste lors de la suppression fait ceci:
- Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.
¤ Télécharge ComboScan sur ton Bureau.
---> http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
Soit patient ..
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
- xcgylg.exe
**Si un fichier/dossier persiste lors de la suppression fait ceci:
- Redémarre ton PC. Dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaître choisis "mode sans echec" attends un peu..
Puis va supprimer les fichiers/dossiers, vide ta corbeille et redémarre ton PC normalement.
¤ Télécharge ComboScan sur ton Bureau.
---> http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
Soit patient ..
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
bonsoir
j'ai retrouvé Google l'adresse avait été modifiée sur le raccourci internet explorer,j'ai reussi a éjécter xcgylg grace au mode sans echec.ouf ! dois-je télécharger ComboScan comme vous me l'avez indiqué ?beaucoup de choses ont été résolues grace à vos conseils. Encore merci.
j'ai retrouvé Google l'adresse avait été modifiée sur le raccourci internet explorer,j'ai reussi a éjécter xcgylg grace au mode sans echec.ouf ! dois-je télécharger ComboScan comme vous me l'avez indiqué ?beaucoup de choses ont été résolues grace à vos conseils. Encore merci.
bonComboScan v20070306.20 run by thierry on 2007-04-21 at 13:02:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-04-21 11:02:27 UTC - RP2 - ComboScan Restore Point
1: 2007-04-20 10:55:19 UTC - RP1 - Point de vérification système
Performed disk cleanup.
-- HijackThis (run as thierry.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:04:45, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\thierry\Bureau\comboscan.exe
C:\PROGRA~1\HIJACK~2\thierry.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xcgylg] c:\windows\system32\xcgylg.exe xcgylg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys
3R adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys
1R AmdK7 (Pilote de processeur AMD K7) - C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
3R AN983 (Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X) - C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
3R aswRdr - C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
3R ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\fwdrv.sys
3R GEARAspiWDM - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\khips.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
3R P0630VID (Creative WebCam Live!) - C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys
3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
3R pfc (Padus ASPI Shell) - C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys
0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
3S QCDonner (Labtec WebCam(PID_0840)) - C:\WINDOWS\SYSTEM32\DRIVERS\lvcd.sys
3S SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Ebus.sys
3S SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdfl.sys
3S SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdm.sys
3S SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emgmt.sys
3S se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2End5.sys
3S SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Eobex.sys
3S se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2Eunic.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
1R UdfReadr - C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys
3S usbccgp (Pilote parent générique USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
3R usbehci (Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
3S usbprint (Classe d'imprimantes USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
3S usbscan (Pilote de scanneur USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
0R viaagp (Filtre de bus AGP VIA) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS
3R VIAudio (Contrôleur audio VIA AC'97 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\ac97via.sys
0R Vmodem (XP Vmodem) - C:\WINDOWS\SYSTEM32\DRIVERS\vmodem.sys
0R Vpctcom (XP Vpctcom) - C:\WINDOWS\SYSTEM32\DRIVERS\vpctcom.sys
3R vulfnths (VIA USB Host Controller Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfnth.sys
3R vulfntrs (VIA USB Roothub Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfntr.sys
0R Vvoice (XP Vvoice) - C:\WINDOWS\SYSTEM32\DRIVERS\vvoice.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S aspnet_state (Service d'état ASP.NET) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-20 22:24:02 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1075325006.job<FRUTAS~1.JOB>
2007-04-20 17:15:04 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB>
-- Files created between 2007-03-21 and 2007-04-21 -----------------------------
2007-04-18 20:58:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 20:58:06 0 d-------- C:\Program Files\Grisoft
2007-04-18 20:13:48 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-04-18 19:21:26 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-18 19:21:26 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-18 19:21:26 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-18 19:21:26 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-18 19:21:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-18 19:21:26 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-12 13:16:48 0 d-------- C:\Program Files\Copernic Desktop Search 2<COPERN~2>
2007-04-11 21:19:40 673610 --a------ C:\WINDOWS\unins000.exe
2007-04-11 21:19:40 1345 --a------ C:\WINDOWS\unins000.dat
2007-04-04 13:36:44 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-04 13:36:38 0 d-------- C:\1b64e43b3df43e2893d7af08<1B64E4~1>
2007-04-04 13:19:18 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard<WISEIN~1>
2007-04-03 22:50:57 18704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2007-04-03 22:50:43 90800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2007-04-03 22:50:43 4128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2007-04-03 22:50:42 88688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
2007-04-03 22:50:38 86560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2007-04-03 22:50:27 97184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2007-04-03 22:50:27 9360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
2007-04-03 22:50:23 61600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
2007-04-03 22:49:22 0 d-------- C:\Documents and Settings\thierry\Application Data\Teleca
2007-04-03 22:48:10 0 d-------- C:\Documents and Settings\thierry\Application Data\Sony Ericsson<SONYER~1>
2007-04-03 22:44:40 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-03 22:41:08 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-18 19:22:18 2094 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"pdfSaver3"="\"C:\\Program Files\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"Copernic Desktop Search 2"="\"C:\\Program Files\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"xcgylg"="c:\\windows\\system32\\xcgylg.exe xcgylg"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
"kylog"=hex:43,6e,6a,7d,75,77,50,1c,04,38,17,09,ff,da,ad,95,69,4e,2a
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
ComboScan v20070306.20 run by thierry on 2007-04-21 at 13:02:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-04-21 11:02:27 UTC - RP2 - ComboScan Restore Point
1: 2007-04-20 10:55:19 UTC - RP1 - Point de vérification système
Performed disk cleanup.
-- HijackThis (run as thierry.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:04:45, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\thierry\Bureau\comboscan.exe
C:\PROGRA~1\HIJACK~2\thierry.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xcgylg] c:\windows\system32\xcgylg.exe xcgylg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys
3R adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys
1R AmdK7 (Pilote de processeur AMD K7) - C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
3R AN983 (Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X) - C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
3R aswRdr - C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
3R ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\fwdrv.sys
3R GEARAspiWDM - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\khips.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
3R P0630VID (Creative WebCam Live!) - C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys
3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
3R pfc (Padus ASPI Shell) - C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys
0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
3S QCDonner (Labtec WebCam(PID_0840)) - C:\WINDOWS\SYSTEM32\DRIVERS\lvcd.sys
3S SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Ebus.sys
3S SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdfl.sys
3S SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdm.sys
3S SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emgmt.sys
3S se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2End5.sys
3S SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Eobex.sys
3S se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2Eunic.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
1R UdfReadr - C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys
3S usbccgp (Pilote parent générique USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
3R usbehci (Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
3S usbprint (Classe d'imprimantes USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
3S usbscan (Pilote de scanneur USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
0R viaagp (Filtre de bus AGP VIA) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS
3R VIAudio (Contrôleur audio VIA AC'97 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\ac97via.sys
0R Vmodem (XP Vmodem) - C:\WINDOWS\SYSTEM32\DRIVERS\vmodem.sys
0R Vpctcom (XP Vpctcom) - C:\WINDOWS\SYSTEM32\DRIVERS\vpctcom.sys
3R vulfnths (VIA USB Host Controller Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfnth.sys
3R vulfntrs (VIA USB Roothub Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfntr.sys
0R Vvoice (XP Vvoice) - C:\WINDOWS\SYSTEM32\DRIVERS\vvoice.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S aspnet_state (Service d'état ASP.NET) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-20 22:24:02 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1075325006.job<FRUTAS~1.JOB>
2007-04-20 17:15:04 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB>
-- Files created between 2007-03-21 and 2007-04-21 -----------------------------
2007-04-18 20:58:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 20:58:06 0 d-------- C:\Program Files\Grisoft
2007-04-18 20:13:48 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-04-18 19:21:26 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-18 19:21:26 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-18 19:21:26 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-18 19:21:26 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-18 19:21:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-18 19:21:26 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-12 13:16:48 0 d-------- C:\Program Files\Copernic Desktop Search 2<COPERN~2>
2007-04-11 21:19:40 673610 --a------ C:\WINDOWS\unins000.exe
2007-04-11 21:19:40 1345 --a------ C:\WINDOWS\unins000.dat
2007-04-04 13:36:44 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-04 13:36:38 0 d-------- C:\1b64e43b3df43e2893d7af08<1B64E4~1>
2007-04-04 13:19:18 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard<WISEIN~1>
2007-04-03 22:50:57 18704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2007-04-03 22:50:43 90800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2007-04-03 22:50:43 4128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2007-04-03 22:50:42 88688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
2007-04-03 22:50:38 86560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2007-04-03 22:50:27 97184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2007-04-03 22:50:27 9360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
2007-04-03 22:50:23 61600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
2007-04-03 22:49:22 0 d-------- C:\Documents and Settings\thierry\Application Data\Teleca
2007-04-03 22:48:10 0 d-------- C:\Documents and Settings\thierry\Application Data\Sony Ericsson<SONYER~1>
2007-04-03 22:44:40 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-03 22:41:08 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-18 19:22:18 2094 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"pdfSaver3"="\"C:\\Program Files\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"Copernic Desktop Search 2"="\"C:\\Program Files\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"xcgylg"="c:\\windows\\system32\\xcgylg.exe xcgylg"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
"kylog"=hex:43,6e,6a,7d,75,77,50,1c,04,38,17,09,ff,da,ad,95,69,4e,2a
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of ComboScan: finished at 2007-04-21 at 13:07:15 ------------------------
-- End of ComboScan: finished at 2007-04-21 at 13:07:15 ------------------------
jour
voila le rapport comboscan .
En attendant votre réponse ,merci
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-04-21 11:02:27 UTC - RP2 - ComboScan Restore Point
1: 2007-04-20 10:55:19 UTC - RP1 - Point de vérification système
Performed disk cleanup.
-- HijackThis (run as thierry.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:04:45, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\thierry\Bureau\comboscan.exe
C:\PROGRA~1\HIJACK~2\thierry.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xcgylg] c:\windows\system32\xcgylg.exe xcgylg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys
3R adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys
1R AmdK7 (Pilote de processeur AMD K7) - C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
3R AN983 (Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X) - C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
3R aswRdr - C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
3R ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\fwdrv.sys
3R GEARAspiWDM - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\khips.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
3R P0630VID (Creative WebCam Live!) - C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys
3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
3R pfc (Padus ASPI Shell) - C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys
0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
3S QCDonner (Labtec WebCam(PID_0840)) - C:\WINDOWS\SYSTEM32\DRIVERS\lvcd.sys
3S SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Ebus.sys
3S SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdfl.sys
3S SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdm.sys
3S SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emgmt.sys
3S se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2End5.sys
3S SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Eobex.sys
3S se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2Eunic.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
1R UdfReadr - C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys
3S usbccgp (Pilote parent générique USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
3R usbehci (Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
3S usbprint (Classe d'imprimantes USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
3S usbscan (Pilote de scanneur USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
0R viaagp (Filtre de bus AGP VIA) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS
3R VIAudio (Contrôleur audio VIA AC'97 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\ac97via.sys
0R Vmodem (XP Vmodem) - C:\WINDOWS\SYSTEM32\DRIVERS\vmodem.sys
0R Vpctcom (XP Vpctcom) - C:\WINDOWS\SYSTEM32\DRIVERS\vpctcom.sys
3R vulfnths (VIA USB Host Controller Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfnth.sys
3R vulfntrs (VIA USB Roothub Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfntr.sys
0R Vvoice (XP Vvoice) - C:\WINDOWS\SYSTEM32\DRIVERS\vvoice.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S aspnet_state (Service d'état ASP.NET) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-20 22:24:02 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1075325006.job<FRUTAS~1.JOB>
2007-04-20 17:15:04 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB>
-- Files created between 2007-03-21 and 2007-04-21 -----------------------------
2007-04-18 20:58:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 20:58:06 0 d-------- C:\Program Files\Grisoft
2007-04-18 20:13:48 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-04-18 19:21:26 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-18 19:21:26 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-18 19:21:26 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-18 19:21:26 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-18 19:21:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-18 19:21:26 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-12 13:16:48 0 d-------- C:\Program Files\Copernic Desktop Search 2<COPERN~2>
2007-04-11 21:19:40 673610 --a------ C:\WINDOWS\unins000.exe
2007-04-11 21:19:40 1345 --a------ C:\WINDOWS\unins000.dat
2007-04-04 13:36:44 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-04 13:36:38 0 d-------- C:\1b64e43b3df43e2893d7af08<1B64E4~1>
2007-04-04 13:19:18 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard<WISEIN~1>
2007-04-03 22:50:57 18704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2007-04-03 22:50:43 90800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2007-04-03 22:50:43 4128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2007-04-03 22:50:42 88688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
2007-04-03 22:50:38 86560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2007-04-03 22:50:27 97184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2007-04-03 22:50:27 9360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
2007-04-03 22:50:23 61600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
2007-04-03 22:49:22 0 d-------- C:\Documents and Settings\thierry\Application Data\Teleca
2007-04-03 22:48:10 0 d-------- C:\Documents and Settings\thierry\Application Data\Sony Ericsson<SONYER~1>
2007-04-03 22:44:40 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-03 22:41:08 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-18 19:22:18 2094 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"pdfSaver3"="\"C:\\Program Files\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"Copernic Desktop Search 2"="\"C:\\Program Files\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"xcgylg"="c:\\windows\\system32\\xcgylg.exe xcgylg"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
"kylog"=hex:43,6e,6a,7d,75,77,50,1c,04,38,17,09,ff,da,ad,95,69,4e,2a
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
ComboScan v20070306.20 run by thierry on 2007-04-21 at 13:02:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created ComboScan Restore Point.
-- Last 2 Restore Point(s) --
2: 2007-04-21 11:02:27 UTC - RP2 - ComboScan Restore Point
1: 2007-04-20 10:55:19 UTC - RP1 - Point de vérification système
Performed disk cleanup.
-- HijackThis (run as thierry.exe) ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:04:45, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\thierry\Bureau\comboscan.exe
C:\PROGRA~1\HIJACK~2\thierry.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Ille Point Net
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xcgylg] c:\windows\system32\xcgylg.exe xcgylg
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Global Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56684DC9-7958-4701-B1D3-B95055CD529D}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
1R Aavmker4 (avast! Asynchronous Virus Monitor) - C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2S ADILOADER (General Purpose USB Driver (adildr.sys)) - C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys
3R adiusbaw (USB ADSL WAN Adapter) - C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys
1R AmdK7 (Pilote de processeur AMD K7) - C:\WINDOWS\SYSTEM32\DRIVERS\amdk7.sys
3R AN983 (Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X) - C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys
2R aswMon2 (avast! Standard Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
3R aswRdr - C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
1R aswTdi (avast! Network Shield Support) - C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
3R ati2mtag - C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\SYSTEM32\DRIVERS\ccdecode.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\fwdrv.sys
3R GEARAspiWDM - C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\SYSTEM32\DRIVERS\hpzid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\SYSTEM32\DRIVERS\HPZius12.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\khips.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\SYSTEM32\DRIVERS\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\nabtsfec.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\SYSTEM32\DRIVERS\ndisip.sys
3R P0630VID (Creative WebCam Live!) - C:\WINDOWS\SYSTEM32\DRIVERS\P0630Vid.sys
3S Pcouffin (Low level access layer for CD devices) - C:\WINDOWS\system32\Drivers\Pcouffin.sys (not found)
3R pfc (Padus ASPI Shell) - C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys
3R Ptserlp (PCTEL Serial Device Driver for PCI) - C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys
0R PxHelp20 - C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys
3S QCDonner (Labtec WebCam(PID_0840)) - C:\WINDOWS\SYSTEM32\DRIVERS\lvcd.sys
3S SE2Ebus (Sony Ericsson Device 046 Driver driver (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Ebus.sys
3S SE2Emdfl (Sony Ericsson Device 046 USB WMC Modem Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdfl.sys
3S SE2Emdm (Sony Ericsson Device 046 USB WMC Modem Driver) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emdm.sys
3S SE2Emgmt (Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Emgmt.sys
3S se2End5 (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2End5.sys
3S SE2Eobex (Sony Ericsson Device 046 USB WMC OBEX Interface) - C:\WINDOWS\SYSTEM32\DRIVERS\SE2Eobex.sys
3S se2Eunic (Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\se2Eunic.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\SYSTEM32\DRIVERS\slip.sys
3S streamip (BDA IPSink) - C:\WINDOWS\SYSTEM32\DRIVERS\streamip.sys
1R UdfReadr - C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.sys
3S usbccgp (Pilote parent générique USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
3R usbehci (Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys
3S usbprint (Classe d'imprimantes USB Microsoft) - C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
3S usbscan (Pilote de scanneur USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys
3S USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys
0R viaagp (Filtre de bus AGP VIA) - C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys
0R viaagp1 (VIA AGP Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS
3R VIAudio (Contrôleur audio VIA AC'97 (WDM)) - C:\WINDOWS\SYSTEM32\DRIVERS\ac97via.sys
0R Vmodem (XP Vmodem) - C:\WINDOWS\SYSTEM32\DRIVERS\vmodem.sys
0R Vpctcom (XP Vpctcom) - C:\WINDOWS\SYSTEM32\DRIVERS\vpctcom.sys
3R vulfnths (VIA USB Host Controller Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfnth.sys
3R vulfntrs (VIA USB Roothub Lower Filter) - C:\WINDOWS\SYSTEM32\DRIVERS\vulfntr.sys
0R Vvoice (XP Vvoice) - C:\WINDOWS\SYSTEM32\DRIVERS\vvoice.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\SYSTEM32\DRIVERS\wstcodec.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
3S aspnet_state (Service d'état ASP.NET) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R aswUpdSv (avast! iAVS4 Control Service) - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
2R avast! Antivirus - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
3R avast! Mail Scanner - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
3R avast! Web Scanner - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S iPodService - C:\Program Files\iPod\bin\iPodService.exe
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
2R Pctspk (PCTEL Speaker Phone) - C:\WINDOWS\system32\pctspk.exe
3S Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-04-20 22:24:02 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1075325006.job<FRUTAS~1.JOB>
2007-04-20 17:15:04 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job<MAINTE~1.JOB>
-- Files created between 2007-03-21 and 2007-04-21 -----------------------------
2007-04-18 20:58:11 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-18 20:58:06 0 d-------- C:\Program Files\Grisoft
2007-04-18 20:13:48 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-04-18 19:21:26 79360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-04-18 19:21:26 40960 --a------ C:\WINDOWS\system32\swsc.exe
2007-04-18 19:21:26 135168 --a------ C:\WINDOWS\system32\swreg.exe
2007-04-18 19:21:26 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-04-18 19:21:26 53248 --a------ C:\WINDOWS\system32\Process.exe
2007-04-18 19:21:26 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-04-12 13:16:48 0 d-------- C:\Program Files\Copernic Desktop Search 2<COPERN~2>
2007-04-11 21:19:40 673610 --a------ C:\WINDOWS\unins000.exe
2007-04-11 21:19:40 1345 --a------ C:\WINDOWS\unins000.dat
2007-04-04 13:36:44 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-04 13:36:38 0 d-------- C:\1b64e43b3df43e2893d7af08<1B64E4~1>
2007-04-04 13:19:18 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard<WISEIN~1>
2007-04-03 22:50:57 18704 -ra------ C:\WINDOWS\system32\drivers\se2End5.sys
2007-04-03 22:50:43 90800 -ra------ C:\WINDOWS\system32\drivers\se2Eunic.sys
2007-04-03 22:50:43 4128 -ra------ C:\WINDOWS\system32\drivers\se2Ecr.sys
2007-04-03 22:50:42 88688 -ra------ C:\WINDOWS\system32\drivers\SE2Emgmt.sys
2007-04-03 22:50:38 86560 -ra------ C:\WINDOWS\system32\drivers\SE2Eobex.sys
2007-04-03 22:50:27 97184 -ra------ C:\WINDOWS\system32\drivers\SE2Emdm.sys
2007-04-03 22:50:27 9360 -ra------ C:\WINDOWS\system32\drivers\SE2Emdfl.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecmnt.sys
2007-04-03 22:50:27 6240 -ra------ C:\WINDOWS\system32\drivers\SE2Ecm.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewhnt.sys
2007-04-03 22:50:23 5872 -ra------ C:\WINDOWS\system32\drivers\SE2Ewh.sys
2007-04-03 22:50:23 61600 -ra------ C:\WINDOWS\system32\drivers\SE2Ebus.sys
2007-04-03 22:49:22 0 d-------- C:\Documents and Settings\thierry\Application Data\Teleca
2007-04-03 22:48:10 0 d-------- C:\Documents and Settings\thierry\Application Data\Sony Ericsson<SONYER~1>
2007-04-03 22:44:40 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-04-03 22:41:08 0 d-------- C:\Program Files\Disc2Phone<DISC2P~1>
-- Find3M Report ---------------------------------------------------------------
2007-04-18 19:22:18 2094 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-14 09:42:44 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-10 13:18:32 712832 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-17 15:44:48 293376 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-08 17:37:50 578560 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 17:37:50 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 17:37:50 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 17:33:58 1843712 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-05 22:19:06 185344 --a------ C:\WINDOWS\system32\upnphost.dll
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"pdfSaver3"="\"C:\\Program Files\\Tracker Software\\PDF-XChange 3\\pdfSaver\\pdfSaver3.exe\""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"Copernic Desktop Search 2"="\"C:\\Program Files\\Copernic Desktop Search 2\\DesktopSearchService.exe\" /tray"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"xcgylg"="c:\\windows\\system32\\xcgylg.exe xcgylg"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\control panel\load]
"forwas"=hex:15,26,db,fb,69
"kylog"=hex:43,6e,6a,7d,75,77,50,1c,04,38,17,09,ff,da,ad,95,69,4e,2a
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of ComboScan: finished at 2007-04-21 at 13:07:15 ------------------------
-- End of ComboScan: finished at 2007-04-21 at 13:07:15 ------------------------
jour
voila le rapport comboscan .
En attendant votre réponse ,merci
17 avril 2007 à 22:07