I'm infected, who could help me please (hijack)

Solved
zuul -  
philae83 Posts 12854 Status Security contributor -
Good evening,
I've read a bit about various virus infection problems, and that is the situation I'm in! Despite avast and correct settings, I have viruses that only avast reports in its resident scan, but they keep coming back. However many times I delete them they come back, even a few seconds later. I've tried several free disinfection programs such as norton scan, adware 2007, spywarefighter, spybot.. and multivirus cleaner 2007, but they don't find them; only norton scan sees one (virtumonde and starware). Otherwise, the ones that show up and block certain functions are Vundo-gen48; tiny; onlygames; and another one I can't remember. Anyway, I have started deleting everything I find useless on my PC and I was getting ready to format my hard drive, but I admit that bothers me a lot because there is a lot of data, and I'm afraid that if I save it to removable media a virus will follow it. So I made a HijackThis report, which is apparently necessary, but as indicated I'm calling on an expert so as not to delete what shouldn't be deleted! Thanks in advance to whoever can get me out of this damned mess.
Logfile of HijackThis v1.99.1
Scan saved at 20:03:30, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\cisvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\windows\system32\cidaemon.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\windows\mHotkey.exe
C:\windows\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {300a1872-2659-460f-b7d4-3fcdfd259d87} - C:\Program Files\Starware370\bin\Starware370.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O2 - BHO: (no name) - {E9F15ACE-1E4B-42A8-AF2E-6EDFD0671C3D} - C:\windows\system32\vtsqn.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Starware Toolbar Musique - {dd37610c-baa7-4541-b6e9-fae7d78d49d5} - C:\Program Files\Starware370\bin\Starware370.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_SD6B.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f32452549b2742cdaef52ece3871069d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f32452549b2742cdaef52ece3871069d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://cdiscount.htmlupload.com/upload/JavaActiveX/ImageUploader3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://zuulc.wordpress.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.leaderphoto.com/uploaders/ImageUploader3.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://espaceabonnes.club-internet.fr/services/symantec/SymDlBrg.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\cyracqfr.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

66 replies

zuul
 
yes, for post 14 it tells me it failed, module not found
0
zuul
 
It's getting late, I won't bother you any longer tonight, and I need sleep too. If you're willing, we can pick this up tomorrow, or leave me instructions and I'll apply them. In any case, a big, big thank you; I think a lot of work has been done thanks to you. It's very reassuring to be able to count on the gratitude of some people on this forum.
Wishing you a good night, and I hope to see you soon.
0
philae83 Posts 12854 Status Security contributor 206
 
ok, good night, see you tomorrow. I'll post the next steps for you; tomorrow, however, I may not be here before the evening

* Download combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Double-click combofix.exe.

* Press the Y (Yes) key to start the scan.

* When the scan is complete, a report will appear. Copy/paste this report into your next reply

NOTE: The report can also be found here: C:\Combofix.txt

as well as a new HijackThis report
0
zuul
 
hello
I can't launch BitDefender's online scan, it shows me something with hostfix....
on the other hand I ran combo, here is the report
ComboFix 07-09-10.6 - "ZUUL" 2007-09-13 12:19:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.436 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\563_button_1b_def.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\563_button_1b_over.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\572_button_1b_def.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\572_button_1b_over.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\573_button_1b_def.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\573_button_1b_over.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_60.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_60.bmp_new
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_70.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_70.bmp_new
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_80.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_80.bmp_new
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\logo.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\logoxp.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\contexts\Related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\contexts\Travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_6\Button_6Options.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_6\Button_6Options.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_7\Button_7Options.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_7\Button_7Options.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_8\Button_8Options.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_8\Button_8Options.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Configurator\Configurator.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Configurator\Configurator.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Manager\ManagerOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Paroles\ParolesOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Paroles\ParolesOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\err.log
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_6\Button_6Options.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_6\Button_6Options.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_7\Button_7Options.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_7\Button_7Options.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_8\Button_8Options.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_8\Button_8Options.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Configurator\Configurator.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Configurator\Configurator.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Manager\ManagerOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Paroles\ParolesOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Paroles\ParolesOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com\played_list.sol
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_6\Button_6Options.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_6\Button_6Options.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_7\Button_7Options.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_7\Button_7Options.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_8\Button_8Options.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_8\Button_8Options.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Configurator\Configurator.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Configurator\Configurator.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Manager\ManagerOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Paroles\ParolesOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Paroles\ParolesOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\autorun.inf
C:\windows\system\msmsgc.cmd
C:\windows\system\msn.dat
C:\windows\system\svchost.dat
C:\windows\system32\awtss.dll
C:\WINDOWS\system32\ffhkj.tmp
C:\windows\system32\jkhff.dll
C:\windows\system32\sstqo.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.ini

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-08-13 to 2007-09-13 ))))))))))))))))))))))))))))))))))))
.

2007-09-13 12:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 21:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-12 20:02 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-09-12 19:31 <REP> d-------- C:\VundoFix Backups
2007-09-12 18:20 6,944 ---hs---- C:\WINDOWS\system32\nqstv.bak2
2007-09-12 13:08 <REP> d-------- C:\DOCUME~1\ZUUL\DoctorWeb
2007-09-12 12:29 <REP> d-------- C:\Program Files\AxBx
2007-09-12 09:51 6,448 ---hs---- C:\WINDOWS\system32\nqstv.bak1
2007-09-12 09:51 244,832 --a------ C:\WINDOWS\system32\vtsqn.dll
2007-09-11 22:47 <REP> d-------- C:\Program Files\mvc
2007-09-11 22:43 <REP> d-------- C:\Program Files\7-Zip
2007-09-10 08:10 244,832 --------- C:\WINDOWS\system32\awvvt.dll
2007-09-09 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-09-08 14:34 <REP> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander
2007-09-08 13:57 933,891 ---hs---- C:\WINDOWS\system32\jjllm.bak2
2007-09-08 12:08 6,741 ---hs---- C:\WINDOWS\system32\jjllm.ini2
2007-09-08 08:17 6,448 ---hs---- C:\WINDOWS\system32\jjllm.bak1
2007-09-08 08:16 244,832 --a------ C:\WINDOWS\system32\mlljj.dll
2007-09-06 21:45 <REP> d-------- C:\Program Files\Nero
2007-09-03 22:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 22:05 --------- d-------- C:\Program Files\Macrogaming
2007-09-12 13:36 --------- d-------- C:\Program Files\Norton Security Scan
2007-09-12 12:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-11 22:45 1452881 --a------ C:\Program Files\mvc.zip
2007-09-11 21:59 --------- d-------- C:\Program Files\Google
2007-09-11 21:45 --------- d-------- C:\Program Files\Encarta
2007-09-11 21:34 --------- d-------- C:\Program Files\DivX
2007-09-10 13:37 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Azureus
2007-09-10 13:28 --------- d-------- C:\Program Files\Fichiers communs\Autodesk Shared
2007-09-10 13:27 --------- d-------- C:\Program Files\AnswerWorks 4.0
2007-09-10 13:23 --------- d-------- C:\Program Files\Autodesk
2007-09-10 13:23 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Autodesk
2007-09-10 13:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-09-10 12:23 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-10 12:23 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-09-10 12:23 --------- d-------- C:\Program Files\USB Disk Win98 Driver
2007-09-10 12:23 --------- d-------- C:\Program Files\Pontifex II
2007-09-10 12:23 --------- d-------- C:\Program Files\Microsoft Works
2007-09-10 12:23 --------- d-------- C:\Program Files\Microsoft Digital Image 2006
2007-09-10 12:23 --------- d-------- C:\Program Files\LimeWire
2007-09-10 12:23 --------- d-------- C:\Program Files\AOL Toolbar
2007-09-09 21:12 --------- d-------- C:\Program Files\Fichiers communs\Ahead
2007-09-08 21:33 --------- d-------- C:\Program Files\VideoLAN
2007-09-08 14:35 --------- d-------- C:\Program Files\Fichiers communs\AOL
2007-09-08 14:33 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\AOL
2007-09-08 14:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-08 14:29 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\SmartCom
2007-09-08 14:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RTE
2007-09-08 14:17 --------- d-------- C:\Program Files\Fichiers communs\Logitech
2007-09-08 14:11 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-08 14:09 --------- d-------- C:\Program Files\AutoCAD 2005
2007-09-08 14:08 --------- d-------- C:\Program Files\eco_dora1
2007-09-08 14:07 --------- d-------- C:\Program Files\Atlantis3D
2007-09-08 14:04 --------- d-------- C:\Program Files\Common Files
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\NOEMIE\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\INTERD~1\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\FLORIAN\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\DELPHINE\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
2007-09-06 22:46 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Ahead
2007-09-04 22:35 --------- d-------- C:\Program Files\Ahead
2007-09-04 19:12 --------- d-------- C:\Program Files\eMule
2007-09-03 22:00 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Lavasoft
2007-09-02 09:20 --------- d-------- C:\Program Files\Azureus
2007-08-14 21:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-10 13:30 --------- d-------- C:\Program Files\Neuf
2007-08-07 16:35 --------- d-------- C:\DOCUME~1\FLORIAN\APPLIC~1\DivX
2007-08-07 16:35 --------- d-------- C:\DOCUME~1\FLORIAN\APPLIC~1\Ahead
2007-07-28 00:02 94416 --a------ C:\windows\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\windows\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\windows\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\windows\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\windows\system32\drivers\aavmker4.sys
2007-07-21 10:57 --------- d-------- C:\DOCUME~1\DELPHINE\APPLIC~1\vlc
2007-07-20 20:37 --------- d-------- C:\Program Files\Destinator PC Portal
2007-07-20 20:37 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Destinator
2007-07-13 21:17 --------- d-------- C:\Program Files\InstantTouch
2007-06-13 15:22 1037312 --a------ C:\windows\explorer.exe
2007-04-28 11:28 13905464 --a------ C:\Program Files\snagit.exe
2007-02-05 19:52 4608 --ahs---- C:\Program Files\Thumbs.db
2006-11-09 14:24 4300800 --ah----- C:\Program Files\NeroStartSmart.exe
2006-09-25 04:13 12616042 --a------ C:\Program Files\Techsmith.Snagit.v8.1.0.incl.keygen-Zwt.by.ChingLiu.rar
2006-09-09 10:06 2935293 --a------ C:\Program Files\Microsoft Power Point Viewer 8.0.zip
2006-05-07 10:55 482 --a------ C:\Program Files\Raccourci vers Jardins3D.lnk
2005-09-15 11:01 6697656 --a------ C:\Program Files\eDrawingsFrench.exe
2004-07-22 10:51 3432656 --a------ C:\Program Files\ManagedDX.CAB
2004-07-19 22:58 1156363 --a------ C:\Program Files\BDANT.cab
2004-07-19 22:53 976020 --a------ C:\Program Files\BDAXP.cab
2004-07-09 14:17 13265040 --a------ C:\Program Files\dxnt.cab
2004-07-09 09:13 703080 --a------ C:\Program Files\BDA.cab
2004-07-09 09:13 15493481 --a------ C:\Program Files\DirectX.cab
2004-07-09 04:08 472576 --a------ C:\Program Files\dxsetup.exe
2004-07-09 04:08 2242560 --a------ C:\Program Files\dsetup32.dll
2004-07-09 03:03 62976 --a------ C:\Program Files\DSETUP.dll
2003-03-19 08:20 1060864 --a------ C:\Program Files\MFC71.dll
2003-03-19 08:14 499712 --a------ C:\Program Files\msvcp71.dll
2003-03-18 20:05 106496 --a------ C:\Program Files\atl71.dll
2003-02-21 16:42 348160 --a------ C:\Program Files\msvcr71.dll
2002-10-23 14:37 9314 --a------ C:\Program Files\readme.txt
1999-06-25 10:55 149504 --a------ C:\Program Files\UNWISE.EXE
--------- C:\Program Files\Hijackthis Version Française
2005-11-04 12:00:05 56 --sha-r C:\windows\system32\07E9BADCB3.sys
2006-09-03 17:49:04 56 --sha-r C:\windows\system32\20A9F74845.sys
2005-10-19 19:19:28 8 --sha-r C:\windows\system32\CFE20AE075.sys
2006-09-03 17:49:04 10,332 --sha-w C:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EEC233D-F279-4933-9C71-B71867403425}]
2007-09-12 09:51 244832 --a------ C:\windows\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-06-22 20:17]
"CHotkey"="mHotkey.exe" [2004-12-08 18:57 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2005-11-10 15:41 C:\WINDOWS\CNYHKey.exe]
"Showwnd"="showwnd.exe" [2003-09-18 21:09 C:\WINDOWS\ShowWnd.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 20:02]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 13:19]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"StandardInstall"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"EoEngine"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 16:20 C:\WINDOWS\RTHDCPL.EXE]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-31 09:18]
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-05 14:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 13:32]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
"MsnMsgr"="~C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Acc‚l‚rateur de d‚marrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2006-11-20 21:26:13]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-23 20:17:01]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-10-19 20:34:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkkji

R3 3xHybrid;3xHybrid service;C:\windows\system32\DRIVERS\3xHybrid.sys
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\windows\system32\DRIVERS\cmiucr.SYS
R3 XUIF;X10 USB Wireless Transceiver;C:\windows\system32\Drivers\x10ufx2.sys
S3 mu05bus;Sagem Communication Mobile Platform MU2005 driver (WDM);C:\windows\system32\DRIVERS\mu05bus.sys
S3 mu05mdfl;Sagem Communication MU2005 CDC WMC Modem Filter;C:\windows\system32\DRIVERS\mu05mdfl.sys
S3 mu05mdm;Sagem Communication MU2005 CDC WMC Modem Drivers;C:\windows\system32\DRIVERS\mu05mdm.sys
S3 mu05mgmt;Sagem Communication MU2005 CDC WMC Device Management Drivers;C:\windows\system32\DRIVERS\mu05mgmt.sys
S3 mu05obex;Sagem Communication MU2005 CDC WMC OBEX Interface Drivers;C:\windows\system32\DRIVERS\mu05obex.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-09 17:49:09 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-07 15:08:48 C:\windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-09-13 10:33:01 C:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 13:08:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background??s

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-13 13:09:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-13 13:09
.
--- E O F ---

And here is the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 13:13:51, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\cisvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\windows\system32\cidaemon.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\windows\mHotkey.exe
C:\windows\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1EEC233D-F279-4933-9C71-B71867403425} - C:\windows\system32\vtsqn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f32452549b2742cdaef52ece3871069d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f32452549b2742cdaef52ece3871069d
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

So there it is; apparently that damned file is still there. I'm going to try the Start > Run... procedure again, then do a thorough scan with avast while waiting for your precious help
See you soon
0

zuul
 
Here is the Kaspersky online scan report
KASPERSKY ON-LINE SCANNER REPORT
Thursday, September 13, 2007 6:18:21 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 13/09/2007
Enregistrements dans la base antivirus Kaspersky : 392435

Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Zones critiques
C:\windows
C:\DOCUME~1\ZUUL\LOCALS~1\Temp\

Statistiques de l'analyse
Total d'objets analysés 27002
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:21:57

Nom de l'objet infecté Nom du virus Dernière action
C:\windows\Debug\PASSWD.LOG L'objet est verrouillé ignoré

C:\windows\pchealth\ERRORREP\UserDumps\svchost.exe.20060914-210806-00.hdmp L'objet est verrouillé ignoré

C:\windows\pchealth\ERRORREP\UserDumps\svchost.exe.20060914-210806-00.mdmp L'objet est verrouillé ignoré

C:\windows\SchedLgU.Txt L'objet est verrouillé ignoré

C:\windows\SoftwareDistribution\EventCache\{3223E226-3E32-4DC9-8FFA-AC8173A29728}.bin L'objet est verrouillé ignoré

C:\windows\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

C:\windows\Sti_Trace.log L'objet est verrouillé ignoré

C:\windows\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

C:\windows\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

C:\windows\system32\config\Antivirus.Evt L'objet est verrouillé ignoré

C:\windows\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

C:\windows\system32\config\default L'objet est verrouillé ignoré

C:\windows\system32\config\default.LOG L'objet est verrouillé ignoré

C:\windows\system32\config\Internet.evt L'objet est verrouillé ignoré

C:\windows\system32\config\ODiag.evt L'objet est verrouillé ignoré

C:\windows\system32\config\OSession.evt L'objet est verrouillé ignoré

C:\windows\system32\config\SAM L'objet est verrouillé ignoré

C:\windows\system32\config\SAM.LOG L'objet est verrouillé ignoré

C:\windows\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

C:\windows\system32\config\SECURITY L'objet est verrouillé ignoré

C:\windows\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

C:\windows\system32\config\software L'objet est verrouillé ignoré

C:\windows\system32\config\software.LOG L'objet est verrouillé ignoré

C:\windows\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

C:\windows\system32\config\system L'objet est verrouillé ignoré

C:\windows\system32\config\system.LOG L'objet est verrouillé ignoré

C:\windows\system32\drivers\sptd.sys L'objet est verrouillé ignoré

C:\windows\system32\h323log.txt L'objet est verrouillé ignoré

C:\windows\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

C:\windows\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

C:\windows\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

C:\windows\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

C:\windows\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

C:\windows\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

C:\windows\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

C:\windows\Temp\CLML_AGENT_LOG1.txt L'objet est verrouillé ignoré

C:\windows\Temp\Perflib_Perfdata_2b4.dat L'objet est verrouillé ignoré

C:\windows\Temp\Perflib_Perfdata_678.dat L'objet est verrouillé ignoré

C:\windows\Temp\sqlite_QTVO7FGBKOyTPMK L'objet est verrouillé ignoré

C:\windows\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré

C:\windows\wiadebug.log L'objet est verrouillé ignoré

C:\windows\wiaservc.log L'objet est verrouillé ignoré

C:\windows\WindowsUpdate.log L'objet est verrouillé ignoré

C:\DOCUME~1\ZUUL\LOCALS~1\Temp\WCESLog.log L'objet est verrouillé ignoré

C:\DOCUME~1\ZUUL\LOCALS~1\Temp\~DF5C3B.tmp L'objet est verrouillé ignoré

Analyse terminée.
I'll give you the results of the avast scan and the Norton scan
See you soon
0
zuul Posts: 78 Status: Member
 
Good evening
The Norton scan result still shows me one adware: STARWARE; however, it no longer shows Virtumonde
Tomorrow I'll run the avast scan, since I couldn't run it this afternoon
See you soon
0
philae83 Posts: 12854 Status: Security contributor 206
 
Good evening,

I can't understand why it doesn't come out with VUNDO; it should, though. It's crazy, or else I've missed something.
And as for Starware, apparently it should no longer be there.
Run a search, having first made sure hidden files and folders are displayed, for
Starware370
If you find any, delete them.

* Copy the lines of the following quote, in one go:

Files to Delete:
C:\windows\system32\vtsqn.dll 


--> Right-click / "Copy"

Now create a new text document: right-click on the desktop, "Nouveau" > "Document Texte" (New > Text Document).

* Open it and paste in what you just copied
* Save this file on your desktop (name: mad.txt)

* Now download The Avenger
* Unzip it onto your desktop and double-click the "avenger.exe" file
* Click "Ok"
* Select "Load Script from File" and click the folder-shaped icon.
* Select the mad.txt file on your desktop
* Click the green light to run the script
* Click "Oui" (Yes)
* Agree to restart your PC

After the restart:

* Open the file C:\avenger.txt and copy/paste its contents here,
along with a new HijackThis log

If the DLL is still present after this

.Download: http://ww25.evosla.com/pca_cpt.php?agr=pca_securite from Evosla

Unzip it onto your desktop
Run the analysis (top left) --- save the generated report (bottom right)
The report will be placed on your desktop as "PCA_LOG.txt" ---> post it in your next reply

******************************************************************************************

...Good, now take this option, with PCA.EXE (which is on your desktop)

* Click the "paramètres" (settings) tab,
* On the "mise à jour de la base virale" (virus database update) button, click "mise à jour" (update),
* Allow it through the firewall,
* Click OK if a message appears,
* Click the "analyse anti-spyware" (anti-spyware scan) tab,
* Click "scanner" (scan),
* When the scan is finished, click "enregistrer le rapport" (save the report) and save it to the desktop. It is named PCA_SCAN_LOG.txt

0
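The check requested above after the Avenger run (is the DLL still there?) can also be made against the HijackThis logs themselves. The following is an added example, not part of the original thread: it parses the O2 (BHO) lines, flags unnamed BHOs loaded directly from system32 as a triage heuristic (an assumption, not a verdict), and compares two logs for one DLL. The sample lines are copied from the 13:13:51 and 23:02:30 HijackThis logs posted in this thread; the function names are hypothetical.

```python
import ntpath
import re

# Layout of an O2 line in the HijackThis logs on this page:
#   O2 - BHO: <name> - {CLSID} - <path>
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

# Excerpts copied from the two HijackThis logs posted in this thread.
LOG_1313 = r"""
O2 - BHO: (no name) - {1EEC233D-F279-4933-9C71-B71867403425} - C:\windows\system32\vtsqn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
"""
LOG_2302 = r"""
O2 - BHO: (no name) - {45E07D9E-D90C-47EC-975C-BBAA423FA5FD} - C:\windows\system32\vtsqn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
"""


def parse_bhos(log_text):
    """Return one dict (name, clsid, path) per O2 line; path and CLSID are case-normalised."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        # HijackThis appends this marker when the target file does not exist.
        if path.endswith("(file missing)"):
            path = path[: -len("(file missing)")].rstrip()
        entries.append(
            {
                "name": m.group("name"),
                "clsid": m.group("clsid").upper(),
                "path": path.lower(),
            }
        )
    return entries


def flag_unnamed_system32(entries):
    """Triage heuristic (assumption): a BHO with no name whose DLL sits
    directly in ...\\system32 deserves a closer look before anything else."""
    return [
        e
        for e in entries
        if e["name"] == "(no name)"
        and ntpath.dirname(e["path"]).endswith("\\system32")
    ]


def registration_change(before_log, after_log, dll_path):
    """Compare the BHO registration of one DLL between two logs.

    Only the registry entry is compared; a DLL can still be on disk
    even when no O2 line references it any more.
    """
    target = dll_path.lower()
    before = {e["clsid"] for e in parse_bhos(before_log) if e["path"] == target}
    after = {e["clsid"] for e in parse_bhos(after_log) if e["path"] == target}
    if not after:
        return "not registered"
    if after <= before:
        return "still registered under the same CLSID"
    return "registered under a different CLSID"


if __name__ == "__main__":
    for entry in flag_unnamed_system32(parse_bhos(LOG_1313)):
        print("review:", entry["clsid"], entry["path"])
    print(registration_change(LOG_1313, LOG_2302, r"C:\windows\system32\vtsqn.dll"))
```

On the two logs in this thread the same DLL path appears under a different CLSID in the 23:02:30 log than in the 13:13:51 log, so a before/after check keyed on the CLSID alone would miss it.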
zuul
 
Good evening
I've just run a Spybot scan and removed about ten spyware programs. I've just made a new HijackThis log, here it is, and I'm going to do what you suggest
Logfile of HijackThis v1.99.1
Scan saved at 23:02:30, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\cisvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\windows\system32\wuauclt.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\windows\mHotkey.exe
C:\windows\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {45E07D9E-D90C-47EC-975C-BBAA423FA5FD} - C:\windows\system32\vtsqn.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f32452549b2742cdaef52ece3871069d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f32452549b2742cdaef52ece3871069d
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
philae83 Posts 12854 Status Security contributor 206
 
I just ran a Spybot scan and removed about ten pieces of spyware


If they are only cookies, for example, it is not very serious.

Have you tried The Avenger or not?

0
zuul
 
Hi again
I have a problem with Avenger: my version is ave1060full.exe, and when I click on it a large window appears, but after that I am lost. On the left I have cracks, and below that keys ... Maybe I don't have the right version. If you have the link, or if you can guide me so that I can carry out the actions you recommend, I will do that tomorrow. Thanks again and have a good evening.
0
philae83 Posts 12854 Status Security contributor 206
 
Oh drat, I forgot the link, sorry
http://swandog46.geekstogo.com/avenger.zip

0
zuul Posts 78 Status Member
 
Hello
I think they are cookies; the one I remember, which was bothering me on the internet, is winantivirus.
I think I am out of luck: when I click on your link it says internal server error. I tried several ways to get to it; I think there is an access problem. I will try again this evening, but otherwise, if you have another option...
PS: you must think I am quite a pain! I have every problem at once.
See you soon
0
zuul Posts 78 Status Member
 
Good evening
Help! It is getting worse and worse. I ran an avast scan and I have new ones: Vundo is multiplying, and there are others in several files. Earlier I already tried to write out for you the full path found by avast along with the name of the virus, but it crashed; the viruses are blocking everything. I am sending this and will continue right away, for fear it cuts out again.
0
zuul Posts 78 Status Member
 
Hi again
I ran a BitDefender scan; I am even having trouble giving you the report. I will try again, hoping it goes through. It told me I was still infected, and Virtumonde has come back. Back in a moment.
0
zuul Posts 78 Status Member
 
I had trouble getting back, what rotten luck!
Here is a combo report that I just ran
ComboFix 07-09-10.6 - "ZUUL" 2007-09-13 12:19:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.436 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\563_button_1b_def.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\563_button_1b_over.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\572_button_1b_def.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\572_button_1b_over.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\573_button_1b_def.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\573_button_1b_over.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_60.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_60.bmp_new
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_70.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_70.bmp_new
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_80.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\Button_80.bmp_new
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\FindIt.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\FindItHot.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\findithotxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\finditxp.png
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\logo.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\buttons\logoxp.bmp
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\contexts\error.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\contexts\Related.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\contexts\Travel.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\ProductMessagingConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\SimpleUpdateConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\TimerManagerConfig.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Starware370\SimpleUpdate\TimerManagerConfig.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_6\Button_6Options.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_6\Button_6Options.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_7\Button_7Options.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_7\Button_7Options.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_8\Button_8Options.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Button_8\Button_8Options.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Configurator\Configurator.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Configurator\Configurator.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Manager\ManagerOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Paroles\ParolesOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Paroles\ParolesOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\DELPHINE\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\DELPHINE\err.log
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_6\Button_6Options.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_6\Button_6Options.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_7\Button_7Options.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_7\Button_7Options.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_8\Button_8Options.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Button_8\Button_8Options.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Configurator\Configurator.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Configurator\Configurator.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Manager\ManagerOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Paroles\ParolesOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Paroles\ParolesOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\FLORIAN\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com\played_list.sol
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\ZUUL\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_6\Button_6Options.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_6\Button_6Options.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_7\Button_7Options.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_7\Button_7Options.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_8\Button_8Options.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Button_8\Button_8Options.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Configurator\Configurator.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Configurator\Configurator.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ErrorSearch\ErrorSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Layouts\ToolbarLayout.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Manager\ManagerOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Manager\ManagerOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Paroles\ParolesOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Paroles\ParolesOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Radio_FR\Radio_FROptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Recherche_de_musique\Recherche_de_musiqueOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\RelatedSearch\RelatedSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Telechargement\TelechargementOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\Toolbar\TBProductsOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml
C:\DOCUME~1\ZUUL\APPLIC~1\Starware370\TravelSearch\TravelSearchOptions.xml.backup
C:\Program Files\autorun.inf
C:\windows\system\msmsgc.cmd
C:\windows\system\msn.dat
C:\windows\system\svchost.dat
C:\windows\system32\awtss.dll
C:\WINDOWS\system32\ffhkj.tmp
C:\windows\system32\jkhff.dll
C:\windows\system32\sstqo.dll
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.ini

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((((((( Fichiers créés 2007-08-13 to 2007-09-13 ))))))))))))))))))))))))))))))))))))
.

2007-09-13 12:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-12 21:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-09-12 20:02 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-09-12 19:31 <REP> d-------- C:\VundoFix Backups
2007-09-12 18:20 6,944 ---hs---- C:\WINDOWS\system32\nqstv.bak2
2007-09-12 13:08 <REP> d-------- C:\DOCUME~1\ZUUL\DoctorWeb
2007-09-12 12:29 <REP> d-------- C:\Program Files\AxBx
2007-09-12 09:51 6,448 ---hs---- C:\WINDOWS\system32\nqstv.bak1
2007-09-12 09:51 244,832 --a------ C:\WINDOWS\system32\vtsqn.dll
2007-09-11 22:47 <REP> d-------- C:\Program Files\mvc
2007-09-11 22:43 <REP> d-------- C:\Program Files\7-Zip
2007-09-10 08:10 244,832 --------- C:\WINDOWS\system32\awvvt.dll
2007-09-09 21:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-09-08 14:34 <REP> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\X10 Commander
2007-09-08 13:57 933,891 ---hs---- C:\WINDOWS\system32\jjllm.bak2
2007-09-08 12:08 6,741 ---hs---- C:\WINDOWS\system32\jjllm.ini2
2007-09-08 08:17 6,448 ---hs---- C:\WINDOWS\system32\jjllm.bak1
2007-09-08 08:16 244,832 --a------ C:\WINDOWS\system32\mlljj.dll
2007-09-06 21:45 <REP> d-------- C:\Program Files\Nero
2007-09-03 22:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-12 22:05 --------- d-------- C:\Program Files\Macrogaming
2007-09-12 13:36 --------- d-------- C:\Program Files\Norton Security Scan
2007-09-12 12:30 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-09-11 22:45 1452881 --a------ C:\Program Files\mvc.zip
2007-09-11 21:59 --------- d-------- C:\Program Files\Google
2007-09-11 21:45 --------- d-------- C:\Program Files\Encarta
2007-09-11 21:34 --------- d-------- C:\Program Files\DivX
2007-09-10 13:37 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Azureus
2007-09-10 13:28 --------- d-------- C:\Program Files\Fichiers communs\Autodesk Shared
2007-09-10 13:27 --------- d-------- C:\Program Files\AnswerWorks 4.0
2007-09-10 13:23 --------- d-------- C:\Program Files\Autodesk
2007-09-10 13:23 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Autodesk
2007-09-10 13:23 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-09-10 12:23 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-10 12:23 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-09-10 12:23 --------- d-------- C:\Program Files\USB Disk Win98 Driver
2007-09-10 12:23 --------- d-------- C:\Program Files\Pontifex II
2007-09-10 12:23 --------- d-------- C:\Program Files\Microsoft Works
2007-09-10 12:23 --------- d-------- C:\Program Files\Microsoft Digital Image 2006
2007-09-10 12:23 --------- d-------- C:\Program Files\LimeWire
2007-09-10 12:23 --------- d-------- C:\Program Files\AOL Toolbar
2007-09-09 21:12 --------- d-------- C:\Program Files\Fichiers communs\Ahead
2007-09-08 21:33 --------- d-------- C:\Program Files\VideoLAN
2007-09-08 14:35 --------- d-------- C:\Program Files\Fichiers communs\AOL
2007-09-08 14:33 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\AOL
2007-09-08 14:33 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-08 14:29 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\SmartCom
2007-09-08 14:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RTE
2007-09-08 14:17 --------- d-------- C:\Program Files\Fichiers communs\Logitech
2007-09-08 14:11 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-08 14:09 --------- d-------- C:\Program Files\AutoCAD 2005
2007-09-08 14:08 --------- d-------- C:\Program Files\eco_dora1
2007-09-08 14:07 --------- d-------- C:\Program Files\Atlantis3D
2007-09-08 14:04 --------- d-------- C:\Program Files\Common Files
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\NOEMIE\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\INTERD~1\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\FLORIAN\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\DELPHINE\APPLIC~1\AOL
2007-09-08 14:01 --------- d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\AOL
2007-09-06 22:46 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Ahead
2007-09-04 22:35 --------- d-------- C:\Program Files\Ahead
2007-09-04 19:12 --------- d-------- C:\Program Files\eMule
2007-09-03 22:00 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Lavasoft
2007-09-02 09:20 --------- d-------- C:\Program Files\Azureus
2007-08-14 21:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-10 13:30 --------- d-------- C:\Program Files\Neuf
2007-08-07 16:35 --------- d-------- C:\DOCUME~1\FLORIAN\APPLIC~1\DivX
2007-08-07 16:35 --------- d-------- C:\DOCUME~1\FLORIAN\APPLIC~1\Ahead
2007-07-28 00:02 94416 --a------ C:\windows\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\windows\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\windows\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\windows\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\windows\system32\drivers\aavmker4.sys
2007-07-21 10:57 --------- d-------- C:\DOCUME~1\DELPHINE\APPLIC~1\vlc
2007-07-20 20:37 --------- d-------- C:\Program Files\Destinator PC Portal
2007-07-20 20:37 --------- d-------- C:\DOCUME~1\ZUUL\APPLIC~1\Destinator
2007-07-13 21:17 --------- d-------- C:\Program Files\InstantTouch
2007-06-13 15:22 1037312 --a------ C:\windows\explorer.exe
2007-04-28 11:28 13905464 --a------ C:\Program Files\snagit.exe
2007-02-05 19:52 4608 --ahs---- C:\Program Files\Thumbs.db
2006-11-09 14:24 4300800 --ah----- C:\Program Files\NeroStartSmart.exe
2006-09-25 04:13 12616042 --a------ C:\Program Files\Techsmith.Snagit.v8.1.0.incl.keygen-Zwt.by.ChingLiu.rar
2006-09-09 10:06 2935293 --a------ C:\Program Files\Microsoft Power Point Viewer 8.0.zip
2006-05-07 10:55 482 --a------ C:\Program Files\Raccourci vers Jardins3D.lnk
2005-09-15 11:01 6697656 --a------ C:\Program Files\eDrawingsFrench.exe
2004-07-22 10:51 3432656 --a------ C:\Program Files\ManagedDX.CAB
2004-07-19 22:58 1156363 --a------ C:\Program Files\BDANT.cab
2004-07-19 22:53 976020 --a------ C:\Program Files\BDAXP.cab
2004-07-09 14:17 13265040 --a------ C:\Program Files\dxnt.cab
2004-07-09 09:13 703080 --a------ C:\Program Files\BDA.cab
2004-07-09 09:13 15493481 --a------ C:\Program Files\DirectX.cab
2004-07-09 04:08 472576 --a------ C:\Program Files\dxsetup.exe
2004-07-09 04:08 2242560 --a------ C:\Program Files\dsetup32.dll
2004-07-09 03:03 62976 --a------ C:\Program Files\DSETUP.dll
2003-03-19 08:20 1060864 --a------ C:\Program Files\MFC71.dll
2003-03-19 08:14 499712 --a------ C:\Program Files\msvcp71.dll
2003-03-18 20:05 106496 --a------ C:\Program Files\atl71.dll
2003-02-21 16:42 348160 --a------ C:\Program Files\msvcr71.dll
2002-10-23 14:37 9314 --a------ C:\Program Files\readme.txt
1999-06-25 10:55 149504 --a------ C:\Program Files\UNWISE.EXE
--------- C:\Program Files\Hijackthis Version Française
2005-11-04 12:00:05 56 --sha-r C:\windows\system32\07E9BADCB3.sys
2006-09-03 17:49:04 56 --sha-r C:\windows\system32\20A9F74845.sys
2005-10-19 19:19:28 8 --sha-r C:\windows\system32\CFE20AE075.sys
2006-09-03 17:49:04 10,332 --sha-w C:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1EEC233D-F279-4933-9C71-B71867403425}]
2007-09-12 09:51 244832 --a------ C:\windows\system32\vtsqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 21:49]
"CmUCRRun"="C:\WINDOWS\system32\CmUCReye.exe" [2006-06-22 20:17]
"CHotkey"="mHotkey.exe" [2004-12-08 18:57 C:\WINDOWS\mHotkey.exe]
"ledpointer"="CNYHKey.exe" [2005-11-10 15:41 C:\WINDOWS\CNYHKey.exe]
"Showwnd"="showwnd.exe" [2003-09-18 21:09 C:\WINDOWS\ShowWnd.exe]
"PCMService"="C:\Program Files\Home Cinema\PowerCinema\PCMService.exe" [2006-02-09 20:02]
"InstantOn"="C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 13:19]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"StandardInstall"="" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"EoEngine"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-18 16:20 C:\WINDOWS\RTHDCPL.EXE]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-31 09:18]
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-05 14:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 13:32]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45]
"MsnMsgr"="~C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 10:59]

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Accélérateur de démarrage AutoCAD.lnk - C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2006-11-20 21:26:13]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-23 20:17:01]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2005-10-19 20:34:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\jkkji

R3 3xHybrid;3xHybrid service;C:\windows\system32\DRIVERS\3xHybrid.sys
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;C:\windows\system32\DRIVERS\cmiucr.SYS
R3 XUIF;X10 USB Wireless Transceiver;C:\windows\system32\Drivers\x10ufx2.sys
S3 mu05bus;Sagem Communication Mobile Platform MU2005 driver (WDM);C:\windows\system32\DRIVERS\mu05bus.sys
S3 mu05mdfl;Sagem Communication MU2005 CDC WMC Modem Filter;C:\windows\system32\DRIVERS\mu05mdfl.sys
S3 mu05mdm;Sagem Communication MU2005 CDC WMC Modem Drivers;C:\windows\system32\DRIVERS\mu05mdm.sys
S3 mu05mgmt;Sagem Communication MU2005 CDC WMC Device Management Drivers;C:\windows\system32\DRIVERS\mu05mgmt.sys
S3 mu05obex;Sagem Communication MU2005 CDC WMC OBEX Interface Drivers;C:\windows\system32\DRIVERS\mu05obex.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-09 17:49:09 C:\windows\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-07 15:08:48 C:\windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-09-13 10:33:01 C:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 13:08:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background??s

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-13 13:09:58 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-13 13:09
.
--- E O F ---
the rest will follow, I hope
0
zuul Posts: 78 Status: Member
 
here is the combo quarantine file
[code]
2005-07-28 09:38 1247 --a------ C:\Qoobox\Quarantine\C\Program Files\Autorun.inf.vir
2006-10-19 18:00 235 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system\svchost.dat.vir
2006-10-26 20:58 244 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system\msn.dat.vir
2006-12-04 17:21 0 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\DELPHINE\err.log.vir
2007-05-01 13:39 89 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ZUUL\APPLIC~1\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol.vir
2007-05-03 18:44 117 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ZUUL\APPLIC~1\Macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com\played_list.sol.vir
2007-05-03 18:44 2109 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ZUUL\APPLIC~1\Macromedia\Flash Player\#SharedObjects\XFKQR7M7\www.broadcaster.com\video_queue.sol.vir
2007-07-08 21:23 15399 --a------ C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-09-08 15:54 938042 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ffhkj.tmp.vir
2007-09-10 21:23 932439 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tvvwa.bak1.vir
2007-09-11 12:26 935873 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tvvwa.ini.vir
2007-09-13 12:23 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
2007-09-13 12:23 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf

Structure du dossier pour le volume BOOT
Le numéro de série du volume est 041F-429E
C:\QOOBOX\QUARANTINE
+---C
| +---ComboFix
| | FProps.vbs.vir
| |
| +---DOCUME~1
| | +---ALLUSE~1
| | | \---APPLIC~1
| | +---DELPHINE
| | | | err.log.vir
| | | |
| | | \---APPLIC~1
| | +---FLORIAN
| | | \---APPLIC~1
| | \---ZUUL
| | \---APPLIC~1
| | \---Macromedia
| | \---Flash Player
| | +---#SharedObjects
| | | \---XFKQR7M7
| | | \---www.broadcaster.com
| | | played_list.sol.vir
| | | video_queue.sol.vir
| | |
| | \---macromedia.com
| | \---support
| | \---flashplayer
| | \---sys
| | \---#www.broadcaster.com
| | settings.sol.vir
| |
| +---Program Files
| | Autorun.inf.vir
| |
| \---WINDOWS
| +---system
| | msn.dat.vir
| | svchost.dat.vir
| |
| \---system32
| ffhkj.tmp.vir
| tvvwa.bak1.vir
| tvvwa.ini.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.cf
services_DomainService.reg.cf

[/code]
to be continued
0
philae83 Posts: 12854 Status: Security contributor 206
 
good evening,

post a new HijackThis report, and also:

* Double-click VundoFix.exe to launch it

* Click the Scan for Vundo button

* When the scan is complete, click the Remove Vundo button

* A prompt will ask whether you want to delete the files; click YES

* After you click "Yes", the desktop will disappear for a moment while the files are being deleted

* You will see a prompt telling you that your PC is going to restart; click OK

* Copy and paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

Note: VundoFix may run into a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

0
zuul Posts: 78 Status: Member
 
back again. The PC is very slow, it's hard. I ran Vundo twice and it tells me it is not infected. I don't understand: Avast finds it every time, or else Avast manages to delete it and then it comes back through some access path, or so I imagine, I'm no specialist, lol. I ran VirtumundoBeGone; here is the report

[09/12/2007, 19:36:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ZUUL\Local Settings\Temporary Internet Files\Content.IE5\HU2OG5LO\VirtumundoBeGone[1].exe" )
[09/12/2007, 19:36:17] - Detected System Information:
[09/12/2007, 19:36:17] - Windows Version: 5.1.2600, Service Pack 2
[09/12/2007, 19:36:18] - Current Username: ZUUL (Admin)
[09/12/2007, 19:36:18] - Windows is in NORMAL mode.
[09/12/2007, 19:36:18] - Searching for Browser Helper Objects:
[09/12/2007, 19:36:18] - BHO 1: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[09/12/2007, 19:36:18] - BHO 2: {300a1872-2659-460f-b7d4-3fcdfd259d87} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\Starware370
[09/12/2007, 19:36:18] - Key not found: HKLM\...\Winlogon\Notify\Starware370, continuing.
[09/12/2007, 19:36:18] - BHO 3: {38C2A070-7309-4B87-9292-F9B83E386DBC} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/12/2007, 19:36:18] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[09/12/2007, 19:36:18] - BHO 4: {435D08DD-665E-474F-B977-5EE75A2BDCB2} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\awttrpq
[09/12/2007, 19:36:18] - Found: HKLM\...\Winlogon\Notify\awttrpq - This is probably Virtumundo.
[09/12/2007, 19:36:18] - Assigning {435D08DD-665E-474F-B977-5EE75A2BDCB2} MSEvents Object
[09/12/2007, 19:36:18] - BHO list has been changed! Starting over...
[09/12/2007, 19:36:18] - BHO 1: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[09/12/2007, 19:36:18] - BHO 2: {300a1872-2659-460f-b7d4-3fcdfd259d87} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\Starware370
[09/12/2007, 19:36:18] - Key not found: HKLM\...\Winlogon\Notify\Starware370, continuing.
[09/12/2007, 19:36:18] - BHO 3: {38C2A070-7309-4B87-9292-F9B83E386DBC} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/12/2007, 19:36:18] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[09/12/2007, 19:36:18] - BHO 4: {435D08DD-665E-474F-B977-5EE75A2BDCB2} (MSEvents Object)
[09/12/2007, 19:36:18] - ALERT: Found MSEvents Object!
[09/12/2007, 19:36:18] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/12/2007, 19:36:18] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/12/2007, 19:36:18] - BHO 6: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[09/12/2007, 19:36:18] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/12/2007, 19:36:18] - BHO 8: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - No filename found. Continuing.
[09/12/2007, 19:36:18] - BHO 9: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/12/2007, 19:36:18] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/12/2007, 19:36:18] - BHO 11: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/12/2007, 19:36:18] - BHO 12: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[09/12/2007, 19:36:18] - BHO 13: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[09/12/2007, 19:36:18] - Finished Searching Browser Helper Objects
[09/12/2007, 19:36:18] - *** Detected MSEvents Object
[09/12/2007, 19:36:18] - Trying to remove MSEvents Object...
[09/12/2007, 19:36:19] - Terminating Process: IEXPLORE.EXE
[09/12/2007, 19:36:20] - Terminating Process: RUNDLL32.EXE
[09/12/2007, 19:36:20] - Disabling Automatic Shell Restart
[09/12/2007, 19:36:20] - Terminating Process: EXPLORER.EXE
[09/12/2007, 19:36:21] - Suspending the NT Session Manager System Service
[09/12/2007, 19:36:22] - Terminating Windows NT Logon/Logoff Manager
[09/12/2007, 19:36:23] - Re-enabling Automatic Shell Restart
[09/12/2007, 19:36:23] - File to disable: C:\WINDOWS\system32\awttrpq.dll
[09/12/2007, 19:36:23] - Removing HKLM\...\Browser Helper Objects\{435D08DD-665E-474F-B977-5EE75A2BDCB2}
[09/12/2007, 19:36:24] - Removing HKCR\CLSID\{435D08DD-665E-474F-B977-5EE75A2BDCB2}
[09/12/2007, 19:36:24] - Adding Kill Bit for ActiveX for GUID: {435D08DD-665E-474F-B977-5EE75A2BDCB2}
[09/12/2007, 19:36:24] - Deleting ATLEvents/MSEvents Registry entries
[09/12/2007, 19:36:24] - Removing HKLM\...\Winlogon\Notify\awttrpq
[09/12/2007, 19:36:24] - Searching for Browser Helper Objects:
[09/12/2007, 19:36:24] - BHO 1: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE Class)
[09/12/2007, 19:36:24] - BHO 2: {300a1872-2659-460f-b7d4-3fcdfd259d87} ()
[09/12/2007, 19:36:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:24] - Checking for HKLM\...\Winlogon\Notify\Starware370
[09/12/2007, 19:36:24] - Key not found: HKLM\...\Winlogon\Notify\Starware370, continuing.
[09/12/2007, 19:36:24] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/12/2007, 19:36:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:24] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/12/2007, 19:36:24] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/12/2007, 19:36:24] - BHO 4: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoBho Class)
[09/12/2007, 19:36:24] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/12/2007, 19:36:24] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/12/2007, 19:36:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:24] - No filename found. Continuing.
[09/12/2007, 19:36:24] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/12/2007, 19:36:24] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/12/2007, 19:36:24] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/12/2007, 19:36:24] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[09/12/2007, 19:36:24] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[09/12/2007, 19:36:25] - BHO 12: {E9F15ACE-1E4B-42A8-AF2E-6EDFD0671C3D} ()
[09/12/2007, 19:36:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:25] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/12/2007, 19:36:25] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[09/12/2007, 19:36:25] - Finished Searching Browser Helper Objects
[09/12/2007, 19:36:25] - Finishing up...
[09/12/2007, 19:36:25] - A restart is needed.
[09/12/2007, 19:36:37] - Attempting to Restart via STOP error (Blue Screen!)

[09/12/2007, 23:43:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ZUUL\Bureau\VirtumundoBeGone.exe" )
[09/12/2007, 23:43:41] - Detected System Information:
[09/12/2007, 23:43:41] - Windows Version: 5.1.2600, Service Pack 2
[09/12/2007, 23:43:41] - Current Username: ZUUL (Admin)
[09/12/2007, 23:43:41] - Windows is in NORMAL mode.
[09/12/2007, 23:43:41] - Searching for Browser Helper Objects:
[09/12/2007, 23:43:41] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/12/2007, 23:43:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 23:43:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/12/2007, 23:43:41] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/12/2007, 23:43:41] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/12/2007, 23:43:41] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/12/2007, 23:43:41] - BHO 4: {93ACD2CF-2484-4689-8E67-CC228A50B69D} ()
[09/12/2007, 23:43:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 23:43:41] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/12/2007, 23:43:41] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[09/12/2007, 23:43:41] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/12/2007, 23:43:41] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/12/2007, 23:43:41] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[09/12/2007, 23:43:41] - Finished Searching Browser Helper Objects
[09/12/2007, 23:43:41] - Finishing up...
[09/12/2007, 23:43:41] - Nothing found! Exiting...

[09/14/2007, 21:45:46] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ZUUL\Bureau\VirtumundoBeGone.exe" )
[09/14/2007, 21:45:54] - Detected System Information:
[09/14/2007, 21:45:54] - Windows Version: 5.1.2600, Service Pack 2
[09/14/2007, 21:45:54] - Current Username: ZUUL (Admin)
[09/14/2007, 21:45:54] - Windows is in NORMAL mode.
[09/14/2007, 21:45:55] - Searching for Browser Helper Objects:
[09/14/2007, 21:45:55] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/14/2007, 21:45:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 21:45:55] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/14/2007, 21:45:55] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/14/2007, 21:45:55] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/14/2007, 21:45:55] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/14/2007, 21:45:55] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/14/2007, 21:45:55] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/14/2007, 21:45:55] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[09/14/2007, 21:45:55] - BHO 7: {FFF32773-F548-4787-B4F3-5415155F47C5} ()
[09/14/2007, 21:45:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 21:45:55] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/14/2007, 21:45:55] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[09/14/2007, 21:45:55] - Finished Searching Browser Helper Objects
[09/14/2007, 21:45:55] - Finishing up...
[09/14/2007, 21:45:55] - Nothing found! Exiting...

[09/14/2007, 22:03:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ZUUL\Bureau\VirtumundoBeGone.exe" )
[09/14/2007, 22:04:01] - Detected System Information:
[09/14/2007, 22:04:01] - Windows Version: 5.1.2600, Service Pack 2
[09/14/2007, 22:04:01] - Current Username: ZUUL (Admin)
[09/14/2007, 22:04:01] - Windows is in NORMAL mode.
[09/14/2007, 22:04:01] - Searching for Browser Helper Objects:
[09/14/2007, 22:04:01] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/14/2007, 22:04:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 22:04:01] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/14/2007, 22:04:01] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[09/14/2007, 22:04:01] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/14/2007, 22:04:01] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/14/2007, 22:04:01] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[09/14/2007, 22:04:01] - BHO 5: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[09/14/2007, 22:04:01] - BHO 6: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[09/14/2007, 22:04:01] - BHO 7: {FFF32773-F548-4787-B4F3-5415155F47C5} ()
[09/14/2007, 22:04:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 22:04:02] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/14/2007, 22:04:02] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[09/14/2007, 22:04:02] - Finished Searching Browser Helper Objects
[09/14/2007, 22:04:02] - Finishing up...
[09/14/2007, 22:04:02] - Nothing found! Exiting...
and here is the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 22:08:44, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\windows\mHotkey.exe
C:\windows\CNYHKey.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\RTHDCPL.EXE
C:\windows\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\windows\system32\rundll32.exe
C:\windows\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FFF32773-F548-4787-B4F3-5415155F47C5} - C:\windows\system32\vtsqn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Share Accelerator Toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbShar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [Showwnd] showwnd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\RT2500 USB Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f32452549b2742cdaef52ece3871069d
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f32452549b2742cdaef52ece3871069d
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

just in case, can you give me the procedure for formatting? Apparently it erases everything, even viruses. It would bother me, but oh well, I would try to back up my documents to DVD, hoping the viruses do not lodge themselves there
for the BitDefender scan, I have the report in HTML format but it is impossible to open: it lags and will not open, even when I convert it to a Notepad file, or else I went about it the wrong way
0
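An added example, not part of any post in this thread and not code from the tools mentioned: a Python parser for the VirtumundoBeGone log format posted above. It groups each unnamed BHO by the name the tool looks up under Winlogon\Notify and reports names that turn up under more than one CLSID across runs. The embedded sample is abridged from the log posted above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample abridged from the VirtumundoBeGone log posted in this thread
# (runs of 09/12 19:36, 09/12 23:43 and 09/14 22:03; other lines omitted).
SAMPLE_LOG = r"""
[09/12/2007, 19:36:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ZUUL\Local Settings\Temporary Internet Files\Content.IE5\HU2OG5LO\VirtumundoBeGone[1].exe" )
[09/12/2007, 19:36:18] - BHO 3: {38C2A070-7309-4B87-9292-F9B83E386DBC} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/12/2007, 19:36:18] - Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[09/12/2007, 19:36:18] - BHO 4: {435D08DD-665E-474F-B977-5EE75A2BDCB2} ()
[09/12/2007, 19:36:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:18] - Checking for HKLM\...\Winlogon\Notify\awttrpq
[09/12/2007, 19:36:18] - Found: HKLM\...\Winlogon\Notify\awttrpq - This is probably Virtumundo.
[09/12/2007, 19:36:18] - Trying to remove MSEvents Object...
[09/12/2007, 19:36:25] - BHO 12: {E9F15ACE-1E4B-42A8-AF2E-6EDFD0671C3D} ()
[09/12/2007, 19:36:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/12/2007, 19:36:25] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/12/2007, 19:36:25] - A restart is needed.
[09/12/2007, 23:43:31] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ZUUL\Bureau\VirtumundoBeGone.exe" )
[09/12/2007, 23:43:41] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/12/2007, 23:43:41] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/12/2007, 23:43:41] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/12/2007, 23:43:41] - BHO 4: {93ACD2CF-2484-4689-8E67-CC228A50B69D} ()
[09/12/2007, 23:43:41] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/12/2007, 23:43:41] - Nothing found! Exiting...
[09/14/2007, 22:03:54] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\ZUUL\Bureau\VirtumundoBeGone.exe" )
[09/14/2007, 22:04:01] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[09/14/2007, 22:04:01] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[09/14/2007, 22:04:01] - BHO 7: {FFF32773-F548-4787-B4F3-5415155F47C5} ()
[09/14/2007, 22:04:02] - Checking for HKLM\...\Winlogon\Notify\vtsqn
[09/14/2007, 22:04:02] - Nothing found! Exiting...
"""

LINE = re.compile(r"^\[(\d\d/\d\d/\d{4}, \d\d:\d\d:\d\d)\] - (.*)$")
BHO = re.compile(r"^BHO \d+: (\{[0-9A-Fa-f-]+\}) \((.*)\)$")
CHECK = re.compile(r"^Checking for HKLM\\\.\.\.\\Winlogon\\Notify\\(\S+)$")


def parse_runs(text):
    """Split the log into tool runs; collect (lookup name, CLSID) for unnamed BHOs."""
    runs, pending = [], None  # pending: CLSID of an unnamed BHO awaiting its lookup line
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, msg = m.groups()
        if msg.startswith("VirtumundoBeGone v"):
            runs.append({"start": stamp, "unnamed": [], "verdict": "incomplete"})
            pending = None
            continue
        if not runs:
            continue
        run = runs[-1]
        bho = BHO.match(msg)
        if bho:
            clsid, name = bho.groups()
            pending = clsid.upper() if name == "" else None
            continue
        check = CHECK.match(msg)
        if check and pending:
            pair = (check.group(1), pending)
            if pair not in run["unnamed"]:  # the tool may enumerate BHOs several times per run
                run["unnamed"].append(pair)
            pending = None
        elif msg.startswith("Nothing found"):
            run["verdict"] = "nothing found"
        elif msg.startswith("Trying to remove"):
            run["verdict"] = "removal attempted"
    return runs


def rotating_names(runs):
    """Lookup names registered under more than one CLSID, in order of appearance."""
    seen = defaultdict(list)
    for run in runs:
        for name, clsid in run["unnamed"]:
            if clsid not in seen[name]:
                seen[name].append(clsid)
    return {name: ids for name, ids in seen.items() if len(ids) > 1}


def clean_runs_with_rotating_bho(runs):
    """Start times of runs that ended 'nothing found' while still listing a rotating name."""
    rotating = rotating_names(runs)
    return [r["start"] for r in runs
            if r["verdict"] == "nothing found"
            and any(name in rotating for name, _ in r["unnamed"])]


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    for name, ids in rotating_names(parsed).items():
        print(f"{name}: {len(ids)} different CLSIDs -> {', '.join(ids)}")
    print("runs reporting nothing found:", clean_runs_with_rotating_bho(parsed))
```

On the sample, `vtsqn` shows up under four different CLSIDs, while `SDHelper` keeps a single one and is not reported.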
philae83 Posts: 12854 Status: Security contributor 206
 
good evening,

I'm at a loss; I must be missing something, but what...
I still don't understand why Vundo finds nothing on your machine

as for the link to The Avenger, here it is
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

I think it's the right one this time

do you recognize this:

O4 - HKLM\..\Run: [Showwnd] showwnd.exe

0
zuul Posts: 78 Status: Member
 
good evening, no, I don't know it, what is it?
0