[HELP] Navigateur infecté + scan Hijackthis

Résolu/Fermé
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007 - 5 juil. 2007 à 20:43
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 - 23 juil. 2007 à 20:26
Voilà depuis peu, lorsque je surf sur internet, des Pop-Ups (Casinos, Sexe, Spywares, Sonneries gratuites ...) apparraisent et cela est très embettant !! ^^'
J'aimerai qu'on m'aide et pour cela je poste mon scan Hijackthis ===>



Logfile of HijackThis v1.99.1
Scan saved at 20:36:16, on 5/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Antho\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.92.168.167:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Antho\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.hoteladriana.it/VatDec.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.91.127.162/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C79D3167-6133-4E7C-821C-5C114611022D} (CamImage Class) - http://www.scform.unifi.it/webcam/pro/CameraControl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://82.107.204.241:81/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe




Meci d'avance ;)
A voir également:

26 réponses

poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
5 juil. 2007 à 21:12
Salut, Juugoo


J'ai regarder vite fait ton Log, et apparament tu a des probleme mais avant d’utiliser HijackThis, il est conseillé d’effectuer les manips suivantes :

** Supprime tous tes fichiers Internet temporaires ( )

** Scanne tes disques en mode sans echec avec un antivirus installé sur ton PC ( pour le scanne je te conseil : BitDefender Free Edition 7.2 ( il ne protege pas en temps reel, mais il scanne tres tres bien et tu peut l'associer a Avast, il n'y a pas de probleme de compatibiliter.), oublie pas, les scannes se font en mode sans echec
==> pour BitDefender : https://www.bitdefender.fr/

** Utilise CWShredder ==> contre les CoolWebSearch
http:// www.trendmicro.com/cwshredder

** Utilise Ad-Aware SE Personal ==> Anti Spywares et contre Cookies traceur ( complete utilement Spybot - Search & Destroy
http:// www.lavasoft.com

** Scanne ton pc avec Spybot - Search & Destroy ==> AntiSpywares
https://www.safer-networking.org/download/

** Utilise RogueRemover ==>Contre les faux antivirus
http://www.malwarebytes.org/downloads.php

Ensuite

** telecharge AVG Anti-Spyware (ewido)
https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes et lance AVG Anti-Spyware et clique sur le bouton Mise à jour.
Si tu n'arrives pas à le mettre à jour prends les ici :
http://downloads.ewido.net/avgas-signatures-full-current.exe

Fait dans l'ordre SVP ( Surtout )

==> Clique sur le bouton Analyse (de la barre d'outils)
==> Puis sur l'onglet Paramètres
==> Sous la rubrique : "Comment réagir " clique sur Actions recommandées. Sélectionne Quarantaine.
==> Sous la rubrique : Rapports selectionne Générer un rapport après chaque analyse
==> Retourne sur l'onglet Analyse.
==> Clique sur Analyse complète du système

"Appliquer toutes les actions " en bas.

Clique sur "Enregistrer le rapport".

Le rapport en fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

** utilise Ccleaner pour tout nettoyer avant de lancer HijackThis
https://filehippo.com/download_ccleaner/

Une fois ces actions effectuées, tu devriez avoir un système plus propre :

Ils faut vraiment que tu fasse ces analyses.

Reviens avec les rapports, hijackthis et AVG Anti-Spyware

@+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
6 juil. 2007 à 11:11
Ok no problem ;)

Juste une question ...

Je dois faire TOUS les scans en mode sans échec ou seulement celui de mon antivirus/BitDefender ??

@++
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
6 juil. 2007 à 20:53
Salut,

Fait juste celui de l'antivirus, Ok, J'attend tes rapport

Bon courrage.

@+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
6 juil. 2007 à 20:53
Voilà j'ai fait tout ce que tu m'as dit (j'ai seulement fais le premier scan en mode sans échec) ^^'

Voilà les logs


Hijackthis ===>



Logfile of HijackThis v1.99.1
Scan saved at 20:48:41, on 6/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Documents and Settings\Antho\Bureau\client\One Piece Online V.5.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.92.168.167:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Antho\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.hoteladriana.it/VatDec.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.91.127.162/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C79D3167-6133-4E7C-821C-5C114611022D} (CamImage Class) - http://www.scform.unifi.it/webcam/pro/CameraControl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://82.107.204.241:81/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)





AVG:



---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:31:14 6/07/2007

+ Résultat de l'analyse:



C:\Documents and Settings\Antho\Mes documents\fformat.exe -> Not-A-Virus.BadJoke.Win32.Formatter : Nettoyé.
C:\Documents and Settings\Antho\Cookies\antho@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Maria\Cookies\maria@navrcholu[2].txt -> TrackingCookie.Navrcholu : Nettoyé.
C:\Documents and Settings\Pascal\Cookies\pascal@counter2.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé.
C:\Documents and Settings\Pascal\Cookies\pascal@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
C:\Documents and Settings\Jessica\Cookies\jessica@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Nicolas\Cookies\nicolas@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Pascal\Cookies\pascal@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.


Fin du rapport
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
7 juil. 2007 à 13:22
Que dois-je fix SVP ???
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
7 juil. 2007 à 15:10
Salut, Juugoo

Tu est de belgique ?

Moi je suis du nord de la france : Lille

pour commencer, utilise tu un proxi pour naviguer ?

connez tu ce programme ?

C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50

Et ces sites internet ?


https://www.activeworlds.com/index.php
https://www.hoteladriana.it/
http://dl.tvunetworks.com
http://a840.g.akamai.net
http://www.scform.unifi.it/webcam/pro
http://ps.itv.mop.com


=============================

Allez on y va :

Sur HijackThis, refais un scan et coches les lignes suivantes :

O2 - BHO: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: PBBEFRV2 - {4E7BD74F-2B8D-469E-A0E8-ED6AB197B82D} - C:\WINDOWS\system32\pbbefrv2.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*

---> puis clic sur le bouton "Fix Checked"

Ferme HijackThis

Puis :

Télécharge
navilog1 : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
= Install le
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1 ( = taper 1 )
ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes

un rapport : fixnavi.txt
dans ==> C :
le copier/coller dans la réponse + Nouveau HijackThis

@+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
7 juil. 2007 à 16:33
Salut,

Bon je n'utilise pa de proxy pour naviguer quant au programme C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50 oui je le connais, je l'ai installé (c'est un programme qui fait une vidéo de l'écran)...

Je connais quelque-uns de ces sites mais pas tous (jy ai peut-être surfé un fois comme ça) ^^



=============================================================


Voici les rapports ;)


Fixnavi ===>


Search Navipromo version 2.0.5 commencé le sam. 07/07/2007 à 16:26:44,85

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***


InternetGameBox


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Antho\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/07/07 at 16:26:52.
[-] ERROR: F-Secure BlackLight could not acquire debug privileges.
[+] Exited on 07/07/07 at 16:26:52 (return code = 3).


*** Recherche fichiers ***


C:\DOCUME~1\Antho\Bureau\InternetGameBox.lnk trouvé !
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control

HKEY_CURRENT_USER\Software\Lanconfig trouvé !


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche Heuristique :
*
C:\WINDOWS\system32\iuorhizk.dat trouvé !
**
C:\WINDOWS\system32\iuorhizk.dat trouvé !
***
****
C:\WINDOWS\system32\iuorhizk_navps.dat trouvé !
*****
******
*******
********

3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse Terminé le sam. 07/07/2007 à 16:27:26,43 ***




Hijackthis ===>

Logfile of HijackThis v1.99.1
Scan saved at 16:31:15, on 7/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.92.168.167:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Antho\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.hoteladriana.it/VatDec.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.91.127.162/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C79D3167-6133-4E7C-821C-5C114611022D} (CamImage Class) - http://www.scform.unifi.it/webcam/pro/CameraControl.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://82.107.204.241:81/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



Mon PC est-il guéri ?? Comment éviter d'attraper ce genre de spywares ??


Merci et

@++
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
7 juil. 2007 à 17:26
RE

==> Lance Hijackthis et fait "scan seulement" puis coche cette ligne :


R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.92.168.167:8080
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Antho\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://www.hoteladriana.it/VatDec.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {C79D3167-6133-4E7C-821C-5C114611022D} (CamImage Class) - http://www.scform.unifi.it/webcam/pro/CameraControl.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab

==> Ferme toutes les applications ouvertes clique sur "fixer objet"

Apres avoir fermer Hijackthis


==> Télécharge sur ton bureau l'utilitaire BlackLight de F-Secure situé à l'adresse suivante :
https://europe.f-secure.com/exclude/blacklight/index.shtml
- Attention cette application ne fonctionne qu'à partir des versions 2000 & XP de Windows -
et puis

Exécute BlackLight ( fsbl )
Acceptez la license et cliquez sur Scan

il va creer un rapport dont le nom doit être approchant de fsbl-bxxxx.log sur ton bureau ( xxxxx, represente des numeros )

<================>

= Lance navilog1
= Cette fois-ci choisi l'option 2
= Navilog va faire le nettoyage.. patient jusqu'à ce qui soit marqué *** Nettoyage Termine le ..... ***
= Un rapport va être génrer sur ton C:\ qui sera en option 2
Note: le bureau disparaît

= colle le contenu du rapport de navilog (qui est en option2)

<================>

---------------
- Télécharge smitfraudfix (S!Ri)
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
* Décompresse le sur ton bureau
* lance smitfraudfix.cmd et choisis l'option 1 et Entrée
/!\ ne touches surtout pas aux autres options pour le moment /!\
* Un rapport sera généré sauvegarde le
*Quitte smitfraudfix

/!\ process.exe est détecté par certains antivirus comme étant un virus ce qui bien evidement n'est pas le cas mais un utilitaire destiné à mettre fin à des processus. /!\

==> Reviens avec les rapports, hijackthis, SmitFraudFix, navilog1 , BlackLight ( fsbl )


Ok, Merci....
@+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
8 juil. 2007 à 15:27
Bonjour,

Avant tout j'ai eu un problème lors de l'installation de blacklight ==> http://img293.imageshack.us/img293/4402/erferferfvg8.jpg

Conséquence, pas de rapport ><'

Sinon voici les autres log ;)

==================================================================



Hijackthis :


Logfile of HijackThis v1.99.1
Scan saved at 15:19:30, on 8/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iuorhizk] c:\windows\system32\iuorhizk.exe iuorhizk
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.91.127.162/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://82.107.204.241:81/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


SmitFraudFix :

SmitFraudFix v2.201

Rapport fait à 14:42:04,17, dim. 08/07/2007
Executé à partir de C:\Documents and Settings\Antho\Bureau\SmitfraudFix[1]\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Antho


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Antho\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Antho\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.68.193.110
DNS Server Search Order: 212.68.193.196

HKLM\SYSTEM\CCS\Services\Tcpip\..\{436A4F74-371C-4E55-9EF0-0C7254A63B29}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{436A4F74-371C-4E55-9EF0-0C7254A63B29}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS3\Services\Tcpip\..\{436A4F74-371C-4E55-9EF0-0C7254A63B29}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Navilog1 :

Clean Navipromo version 2.0.5 commencé le dim. 08/07/2007 à 14:08:51,28

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight



*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Antho\Application Data ***



*** Suppression fichiers ***

C:\DOCUME~1\Antho\Bureau\InternetGameBox.lnk supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Antho\Local Settings\Temp effectué !


*** Sauvegarde du registre vers dossier Backupnavi***


sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
C:\WINDOWS\System32\iuorhizk.dat trouvé !
Copie C:\WINDOWS\system32\iuorhizk.dat réalise avec succes !
C:\WINDOWS\system32\iuorhizk.dat supprimé !

**
***
****
C:\WINDOWS\System32\iuorhizk_navps.dat trouvé !
Copie C:\WINDOWS\system32\iuorhizk_navps.dat réalise avec succes !
C:\WINDOWS\system32\iuorhizk_navps.dat supprimé !

*****
C:\WINDOWS\System32\iuorhizk_nav.dat trouvé !
Copie C:\WINDOWS\system32\iuorhizk_nav.dat réalise avec succes !
C:\WINDOWS\system32\iuorhizk_nav.dat supprimé !

******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

4)Certificats :

Certificat Egroup supprimé !

*** Nettoyage termine le dim. 08/07/2007 à 14:13:24,78 ***


BlackLight : /
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
10 juil. 2007 à 22:12
Salut, Dsl pour le temps mais j'avais trop de boulot

essaye de reutiliser BlackLight de F-Secure en mode sans echec.

==> Télécharge sur ton bureau l'utilitaire BlackLight de F-Secure situé à l'adresse suivante :
https://europe.f-secure.com/exclude/blacklight/index.shtml
- Attention cette application ne fonctionne qu'à partir des versions 2000 & XP de Windows -
( çà c'est dejat fait )

Demarre en mode sans echec
et puis

Exécute BlackLight ( fsbl )
Acceptez la license et cliquez sur Scan

il va creer un rapport dont le nom doit être approchant de fsbl-bxxxx.log sur ton bureau ( xxxxx, represente des numeros )

<================>

redemarre en mode normal :

puis fait ça

Télécharge Clean.zip (de Malekal) : http://www.malekal.com/download/clean.zip
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente.
Poste ensuite le contenu du rapport.

Colle les rapports BlackLight, Clean, et Hitjack
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
12 juil. 2007 à 11:29
Bonjour,

Dsl mais je n'arrive toujours pas à executer fsbl en mode sans échec (on me dit: vous êtes en mode sans échec veuillez redémarrer en mode normal => si ma traduction de l'anglais est bonne ^^)

Je poste les autres rapports à savoir clean et hijack

Clean:


jeu. 12/07/2007 a 11:22:10,31

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\exefld\ FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !





Hijackthis:


Logfile of HijackThis v1.99.1
Scan saved at 11:28:40, on 12/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.91.127.162/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://82.107.204.241:81/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
12 juil. 2007 à 20:21
Salut,

Tu est infecter par W32/Bagle-KF
pour commencer,

Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.


On va s occupper de W32/Bagle-KF

Télécharge ELIBAGLA de MSC HotlineSat
http://www.zonavirus.com/datos/descargas/95/elibagla.asp
Clique sur le bouton
Descargar Elibagla 10.41 --> tout en bas de la page au dessus de
Tamaño Descargados Licencia Web 42,01 Kb. 29131
Cela va télécharger le fichier, placez le sur votre bureau.
Double-clique dessus pour l'ouvrir
Assure toi que dans le menu déroulant Unidad, tu as bien C:\
Vérifiquez aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente >(Eliminer les fichiers infectés automatiquement) est bien cochée

Cliquez sur le bouton Explorar pour lancer l'analyse

Reposte un log HijackThis en réponse, le rapport d ELIBAGLA et le rapport clean : C:\rapport_clean.txt

@+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
13 juil. 2007 à 13:31
Voilà ^^'


Hijack:


Logfile of HijackThis v1.99.1
Scan saved at 13:21:30, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.91.127.162/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://82.107.204.241:81/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



Elibalga:



Thu Jul 12 20:38:51 2007
EliBagle v10.45 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\ERROR.TXT --> Eliminado Bagle

Thu Jul 12 20:40:05 2007
EliBagle v10.45 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Jul 13 12:33:22 2007
EliBagle v10.45 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Jul 13 12:33:27 2007
EliBagle v10.45 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Fri Jul 13 13:20:20 2007
EliBagle v10.45 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Jul 13 13:22:17 2007
EliBagle v10.45 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Jul 13 13:22:18 2007
EliBagle v10.45 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\


Clean:


Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec jeu. 12/07/2007 a 20:34:14,06

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\exefld\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
13 juil. 2007 à 13:46
Salut,

Je vient de regarder ton log, et apparament il est propre, Je ne vois plus rien de special, sauf erreur de ma part biensur.

Et toi, comment se comporte ton Pc, et tu toujours ennuyer avec les pop-ups,

Tien moi au courrant, et si ton probleme est regler, cloture le postes

Merci et @+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
13 juil. 2007 à 20:36
Malheureusement, j'ai toujours des pop-ups de faux-antivirus, sexe, casinos,...

Du genre à celui-ci => http://img142.imageshack.us/img142/7531/jspgy7.jpg

(Dans ce cas, faux-antivirus)


Voilà @+++
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
13 juil. 2007 à 20:58
RE,

OK, Alors on va essayer sa.

Fais un scan en ligne chez Bitdefender:
(avec internet explorer) :
http://www.bitdefender.fr/bd/site/page.php
(en bas à gauche sur scan online)A la fin du scan, enregistres le rapport et copies/colles le ici.

Puis,

1/Télécharger sur le Bureau.
VundoFix : http://www.atribune.org/ccount/click.php?id=4
= Double-clic VundoFix.exe.
= Clic OK
= Attendre le redemarrage de Vundofix
= Clic Scan for Vundo
= le scan est assez long (), à la fin
= Clic Remove Vundo
= Puis Yes
= Le Bureau disparaît un moment lors de la suppression des fichiers.
= Message shutdown
= clic Oui
= Redémarrage auto
Note : il peut y avoir plusieurs redémarrages
= copier le rapport qui est dans C:\vundofix.txt



2/Télécharger sur le bureau
VirtumondoBegone : http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

=Double clic sur VirtumundoBeGone.exe
=clic Continue ==> clic Start
=clic Oui
=A la fin si Vundo est présent , le PC s’éteint et redémarre

Si Ecran bleu et message : Erreur fatale .. pas de problème

=Poster le rapport VBG.TXT qui est sur le bureau

Puis un autre Hitjack, on a surement oublier quelque choses. et en plus tu ne peut pas utiliser Blacklight

@+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
14 juil. 2007 à 15:37
Bonjour,

Alors ces 3 programmes n'ont rien détectés, bizare ...

Voici les logs =>


Bit defender il est en html mais il n'as rien trouvé donc je ne le post pas mais si c'est vraiment indispensable je m'arrangerait pour le poster ;-)

Vundo:
(mon ordi n'as pas reboot )


VundoFix V6.5.4

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 15:26:31 14/07/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


Virtumondo :
(mon ordi n'as pas reboot )


[07/14/2007, 15:31:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Antho\Bureau\VirtumundoBeGone.exe" )
[07/14/2007, 15:31:32] - Detected System Information:
[07/14/2007, 15:31:32] - Windows Version: 5.1.2600, Service Pack 2
[07/14/2007, 15:31:32] - Current Username: Antho (Admin)
[07/14/2007, 15:31:32] - Windows is in NORMAL mode.
[07/14/2007, 15:31:32] - Searching for Browser Helper Objects:
[07/14/2007, 15:31:32] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[07/14/2007, 15:31:32] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[07/14/2007, 15:31:32] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[07/14/2007, 15:31:32] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[07/14/2007, 15:31:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/14/2007, 15:31:32] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[07/14/2007, 15:31:32] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[07/14/2007, 15:31:32] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/14/2007, 15:31:32] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[07/14/2007, 15:31:32] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[07/14/2007, 15:31:32] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[07/14/2007, 15:31:32] - BHO 9: {bd0e4d83-654e-4213-965b-fcbe887061f4} (Coolstreaming Tool-Bar v1.0 Toolbar)
[07/14/2007, 15:31:33] - BHO 10: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[07/14/2007, 15:31:33] - Finished Searching Browser Helper Objects
[07/14/2007, 15:31:33] - Finishing up...
[07/14/2007, 15:31:33] - Nothing found! Exiting...


Et un Hijack :

Logfile of HijackThis v1.99.1
Scan saved at 15:37:11, on 14/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://82.91.127.162/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://82.107.204.241:81/activex/AMC.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICRAplus - OPTENET - C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDFLabel - Unknown owner - C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



Voilà


@++
0
poussin59 Messages postés 335 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 7 mai 2008 45
15 juil. 2007 à 01:54
Salut, Dsl pour l'heure

Alors on y va :

==> Télécharge Pocket KillBox sur ton bureau. (petit utilitaire qui permet de supprimer des fichiers récalcitrants)
http://www.killbox.net/downloads/KillBox.exe

==> Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
Copie la lignes ci-dessous :

C:\WINDOWS\system32\hldrrr.exe

Retourne sur Pocket KillBox

Fait ==> Menu "File" --> "Paste from Clipboard" (tu ne verras rien se passer).

vérifi dans le menu déroulant que le fichier est bien présent.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- clique sur le bouton "All files"
- clique ensuite sur la croix rouge
- Tu réponds par "YES" au 2 messages qui vont suivre.
- L'ordinateur doit redémarrer,
- (Fais le toi-même, s'il ne redemarre pas )

<================>

SDFix est utilisable sous Windows 2000/XP !

Télécharge le ici (772 Kb) et enregistrez-le sur le bureau :

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-cliquez sur SDFix.exe pour lancer l'installation.

Cliquez sur Install : cela va créer un dossier (à la racine du disque dur par défaut) nommé SDFix

Il est indispensable d'effectuer le nettoyage avec SDFix en mode sans échec.

Une fois en mode sans échec, double-cliquez sur RunThis.bat ( dans la dossier SDfix )

Tapez Y puis appuyez sur la touche Entrée de votre clavier, afin de lancer le nettoyage !

SDFix va procéder au nettoyage, soyez patient...

une fenêtre vous indique que SDFix doit redémarrer l'ordinateur afin de terminer le nettoyage.

Appuyez sur une touche de votre clavier pour redémarrer le PC.

Au redémarrage de votre PC, SDFix vous indique que le nettoyage est terminé.

Appuyez sur une touche de votre clavier afin d'ouvrir le rapport créé par SDFix.

Enregistre le et poste le ici (menu Edition / Enregistrer sous).

Sans quoi votre rapport sera quand même sauvegardé dans le fichier suivant :

"Report.txt" dans le dossier SDFix (ex : C:\SDFix\Report.txt).


Revient avec le rapport SDFix et un Hitjack

Bon courrage et @+
0
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
16 juil. 2007 à 11:23
Bonjour et dsl du retard ^^'

Je post les rappports

SDfix =>





SDFix: Version 1.91

Run by Antho on lun. 16/07/2007 at 10:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\StreamerOne\\streamerone.exe"="C:\\Program Files\\StreamerOne\\streamerone.exe:*:Enabled:streamerone"
"C:\\Program Files\\Mediacenter\\Mediacenter0.4-by Coolstreaming.exe"="C:\\Program Files\\Mediacenter\\Mediacenter0.4-by Coolstreaming.exe:*:Enabled:eBook Workshop"
"C:\\Program Files\\MaxTV Online\\maxtv.exe"="C:\\Program Files\\MaxTV Online\\maxtv.exe:*:Enabled:maxtv"
"C:\\Documents and Settings\\Antho\\Bureau\\nexuiz-20[1]\\Nexuiz\\nexuiz-dedicated.exe"="C:\\Documents and Settings\\Antho\\Bureau\\nexuiz-20[1]\\Nexuiz\\nexuiz-dedicated.exe:*:Disabled:Nexuiz"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\50exmodul32d.1.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\50exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\78exmodul32d.1.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\78exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\25exmodul32d.1.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\25exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\82exmodul32d.1.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\82exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\4exmodul32d.2.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\4exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\46exmodul32d.2.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\46exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\84exmodul32d.2.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\84exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\34exmodul32d.2.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\34exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\44exmodul32d.2.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\44exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\89exmodul32d.2.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\89exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\43exmodul32d.2.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\43exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\92exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\92exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\35exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\35exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\27exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\27exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\31exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\31exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\26exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\26exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\2exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\2exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\45exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\45exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\34exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\34exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\32exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\32exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\85exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\85exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\22exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\22exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\11exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\11exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\77exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\77exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\63exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\63exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\21exmodul32d.3.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\21exmodul32d.3.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\71exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\71exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\62exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\62exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\22exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\22exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\98exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\98exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\97exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\97exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\6exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\6exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\54exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\54exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\33exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\33exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\90exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\90exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\61exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\61exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\47exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\47exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\72exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\72exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\89exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\89exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\32exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\32exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\65exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\65exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\63exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\63exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\88exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\88exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\96exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\96exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\30exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\30exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\74exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\74exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\20exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\20exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\24exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\24exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.4.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.4.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\12exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\12exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\45exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\45exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\50exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\50exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\11exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\11exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\28exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\28exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\98exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\98exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\74exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\74exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\87exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\87exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\54exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\54exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\2exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\2exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\40exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\40exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\9exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\9exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\84exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\84exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\26exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\26exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\1exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\1exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\53exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\53exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\47exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\47exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\55exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\55exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\48exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\48exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\49exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\49exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\58exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\58exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\24exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\24exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\42exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\42exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\73exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\73exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\65exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\65exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\99exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\99exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\57exmodul32d.5.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\57exmodul32d.5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\49exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\49exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\79exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\79exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\52exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\52exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\75exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\75exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\58exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\58exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\27exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\27exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\28exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\28exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\13exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\13exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\61exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\61exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\MaxSoftware\\MyTV\\mytv.exe"="C:\\Program Files\\MaxSoftware\\MyTV\\mytv.exe:*:Enabled:mytv"
"C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe"="C:\\Program Files\\MaxTV Online\\plugins\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe"="C:\\Program Files\\MaxTV Online\\plugins\\Streamer.exe:*:Enabled:Streamer"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\23exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\23exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\65exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\65exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\10exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\10exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\69exmodul32d.6.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\69exmodul32d.6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.7.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\62exmodul32d.7.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\62exmodul32d.7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.7.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.7.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\81exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\81exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\17exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\17exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\90exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\90exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\87exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\87exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\4exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\4exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\35exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\35exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\22exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\22exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\57exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\57exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\8exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\8exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\44exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\44exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\82exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\82exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\31exmodul32d.8.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\31exmodul32d.8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\74exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\74exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\81exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\81exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\41exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\41exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\3exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\3exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\42exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\42exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\87exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\87exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\40exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\40exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\72exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\72exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\96exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\96exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\55exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\55exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\43exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\43exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\76exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\76exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\6exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\6exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\82exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\82exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\80exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\80exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\91exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\91exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\66exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\66exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\38exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\10exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\10exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\56exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\56exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\33exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\33exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\26exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\26exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\9exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\9exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\46exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\46exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\51exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\51exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\44exmodul32d.a.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\44exmodul32d.a.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\86exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\61exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\61exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\77exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\77exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\97exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\97exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\57exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\57exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\35exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\35exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\27exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\27exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\45exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\45exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\52exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\52exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\15exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\15exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\5exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\5exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\60exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\83exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\83exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\18exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\19exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\19exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\94exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\94exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\58exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\58exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\70exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\70exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\71exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\71exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\73exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\73exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\16exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\91exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\91exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\76exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\76exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\56exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\56exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\23exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\23exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\37exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\62exmodul32d.b.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\62exmodul32d.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\24exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\24exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\8exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\8exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\73exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\73exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\36exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\48exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\48exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\85exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\85exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\76exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\76exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\67exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\4exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\4exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\41exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\41exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\59exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\39exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\93exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\68exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\14exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\10exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\10exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\84exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\84exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\47exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\47exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\91exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\91exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\88exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\88exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\66exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\66exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\20exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\20exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\80exmodul32d.c.exe"="C:\\DOCUME~1\\Antho\\LOCALS~1\\Temp\\80exmodul32d.c.exe:*:Enabled:Microsoft Update"
"C:\\Documents and Settings\\Antho\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Antho\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopAdver"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Lecteur Windows Media"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TVAnts\\Tvants.exe"="C:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
"C:\\Documents and Settings\\Antho\\Local Settings\\Temporary Internet Files\\Content.IE5\\H3SO9KZ3\\viviplay[1].exe"="C:\\Documents and Settings\\Antho\\Local Settings\\Temporary Internet Files\\Content.IE5\\H3SO9KZ3\\viviplay[1].exe:*:Disabled:ViViMediaPlay"
"C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Documents and Settings\\Antho\\Local Settings\\Temporary Internet Files\\Content.IE5\\0RE39CNO\\WoW-frFR-Installer-downloader[1].exe"="C:\\Documents and Settings\\Antho\\Local Settings\\Temporary Internet Files\\Content.IE5\\0RE39CNO\\WoW-frFR-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Attensa\\AttensaEngine.exe"="C:\\Program Files\\Attensa\\AttensaEngine.exe:*:Enabled:AttensaEngine"
"C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\Program Files\\PeerTV\\PeerCast.exe"="C:\\Program Files\\PeerTV\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\PeerTV\\PeerTV.exe"="C:\\Program Files\\PeerTV\\PeerTV.exe:*:Enabled:PeerTV"
"C:\\Program Files\\PeerTV\\VLC\\vlc.exe"="C:\\Program Files\\PeerTV\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Steam\\Steam.exe"="C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch330-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch330-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch331-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch331-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch332-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch332-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch333-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch334-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch337-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch338-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch339-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 37 Japflap HQ by Gaara-fr.com\Naruto_ch339-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch340-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch340-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch341-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch341-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch342-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch342-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch342-FR-[Japflap]\fix\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch343-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch343-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch344-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch344-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch345-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch345-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch346-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch346-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch347-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch347-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch348-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch348-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch349-FR-[Japflap]\Thumbs.db
C:\Documents and Settings\Antho\Bureau\Mes images\Naruto Tome 38 Japflap HQ by Gaara-fr.com\Naruto_ch349-FR-[Japflap]\bonus\Thumbs.db
C:\Documents and Settings\Antho\Local Settings\Application Data\Microsoft\Messenger\Anthony_Italia06@hotmail.com\Sharing Folders\nico--7@hotmail.com\Thumbs.db
C:\Documents and Settings\Antho\Local Settings\Application Data\Microsoft\Messenger\Anthony_Italia06@hotmail.com\Sharing Folders\zibou99@msn.com\Thumbs.db
C:\Documents and Settings\Antho\Local Settings\Application Data\Microsoft\Messenger\anthony_linkin_park@hotmail.com\Sharing Folders\nico--7@hotmail.com\Thumbs.db
C:\Documents and Settings\Nicolas\Local Settings\Application Data\Microsoft\Messenger\anthony_linkin_park@hotmail.com\Sharing Folders\nico--7@hotmail.com\Thumbs.db
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Antho\Mes documents\~WRL0004.tmp
C:\Documents and Settings\Antho\Mes documents\~WRL0650.tmp
C:\Documents and Settings\Antho\Mes documents\~WRL0988.tmp
C:\Documents and Settings\Antho\Mes documents\~WRL1991.tmp

Finished



Hijack =>


Logfile of HijackThis v1.99.1
Scan saved at 11:00:06, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ICRAplus\ICRAplus\ICRAplus.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\Program Files\ICRAplus\RDFLabel\RDFLabel.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
C:\Program Files\Larousse\Encyclopédie Universelle Larousse\bin\hyperappel.exe
C:\HijackThis.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Belgacom Skynet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Program Files\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [dxlock] C:\Program Files\Fox Magic\ScreenVirtuoso Pro 2.50\dxlock.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Startup: MaxTV.lnk = C:\Program Files\DMV\MaxTV\MaxTV.exe
O4 - Global Startup: Hyperappel de l'Encyclopédie Universelle Larousse.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.proximus.be/pickx
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://bagnolavela.axiscam.net/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
Juugoo Messages postés 16 Date d'inscription vendredi 8 juin 2007 Statut Membre Dernière intervention 23 juillet 2007
19 juil. 2007 à 17:38
Bonjour,

Est-il possible que je sois infecté par le virus "CarpeDiem" car il m'as semblé voir carpe diem dans l'URL d'un pop-up !!

Voilà en ésperant que cette info puisse nous faire avancer ;-)

@+++
0