Attempt to clean MSN virus img0012.zip

Solved
anneo -  
 anneso -
Good evening everyone,
I followed Jeff's advice and here is my report:

MSNFix 1.518

C:\Documents and Settings\annesophie\Bureau\MSNFix
Fix exécuté le 23/09/2007 - 22:56:46,78 By annesophie
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\cookies.ini

************************ MSNCHK ***** /!\ beta test /!\

************************ Recherche les dossiers présents

... C:\Temp\

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\cookies.ini

************************ Suppression des dossiers

.. OK ... C:\Temp\

************************ Nettoyage du registre

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\system32\Whirl.scr] 74A9A00CC4272DC2FBD4575F9C6BC1BD
[C:\WINDOWS\system32\Zoom.scr] E903C524336DC38E8186E6AB7DACB728

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\ANNESO~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 23092007_23005644.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Please let me know quickly what I need to do.

AnneSophie
Configuration: Windows XP
Internet Explorer 7.0

23 replies

  1. clownface Posts 1490 Status Member 73
     
    Good evening,

    keep following jeff's advice, and post a hijack log :)
    0
  2. farheen Posts 53 Status Member
     
    how do you use msnfix..... I can't manage it. it doesn't work. help me pleeeeease. thanks
    0
    1. clownface Posts 1490 Status Member 73
       
      please create your own thread...
      otherwise we won't be able to keep track of things
      See you
      0
  3. !aur3n7
     
    Hello anneo,

    Could you please send me the Upload_Me.zip file located on your desktop.
    See here for the method: http://www.infos-du-net.com/forum/272805-11-upload-fichiers-supects-msnfix

    then

    Please read carefully and follow closely what is written, because you must press a key during the scan.. if you don't, the report will not be complete and you will have to start over, so:

    - Download DiagHelp.zip (http://www.malekal.com/download/DiagHelp.zip) to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
    - !!! Do not double-click it !!! Right-click the file and choose Extract All
    - A new folder, DiagHelp, will be created
    - Open it and double-click go.cmd (the .cmd may not be shown)
    - A window will open, choose option 1
    - The scan will start; this can take a few minutes, let it run and press a key when you are asked to.

    WARNING: during the scan, after the catchme report on the red screen, you will be asked to press Enter in order to continue the scan, so follow the on-screen instructions carefully!

    - When the scan is finished... Notepad will open.
    - Copy/paste the contents of the Notepad window that opens; to do so:
    -- In Notepad, click the Edit menu / Select All
    -- Again, Edit menu / Copy
    -- In a new message here, right-click / Paste
    0
    1. anneso
       
      HERE ARE THE RESULTS OF THE DIAGHELP SCAN.
      PLEASE TELL ME WHAT I SHOULD DO WITH ALL THESE SCAN RESULTS, BECAUSE I AM A BIT LOST IN ALL THIS;
      DID YOU RECEIVE THE UPLOAD_ME.ZIP FILE ???

      WHAT DO I DO NOW ???

      ANNESO
      
      
      DiagHelp version v1.2 - http://www.malekal.com
      excute le 24/09/2007 à 11:32:48,17


      Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
      C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->24/09/2007 11:32:24
      C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->24/09/2007 11:31:59
      C:\WINDOWS\prefetch\WINZIP32.EXE-335422C1.pf -->24/09/2007 11:30:44
      C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->24/09/2007 11:30:07
      C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->24/09/2007 11:24:28
      C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->24/09/2007 11:24:12
      C:\WINDOWS\prefetch\LOGIACTION.EXE-36CAB6C8.pf -->24/09/2007 11:21:35
      C:\WINDOWS\prefetch\SPRITE6.EXE-2DFBE220.pf -->24/09/2007 11:21:34
      C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->24/09/2007 11:09:49
      C:\WINDOWS\prefetch\MSN_SL.EXE-18A18BC5.pf -->24/09/2007 11:06:50

      C:\WINDOWS\System32\drivers\aswmon.sys -->06/09/2007 12:05:25
      C:\WINDOWS\System32\drivers\aswmon2.sys -->06/09/2007 12:05:10
      C:\WINDOWS\System32\drivers\aswRdr.sys -->06/09/2007 12:03:02
      C:\WINDOWS\System32\drivers\aswTdi.sys -->06/09/2007 12:02:20
      C:\WINDOWS\System32\drivers\aavmker4.sys -->06/09/2007 12:00:53
      C:\WINDOWS\System32\drivers\ntfs.sys -->09/02/2007 13:10:35
      C:\WINDOWS\System32\drivers\wpdusb.sys -->18/10/2006 21:00:00

      C:\WINDOWS\System32\jknmp.tmp2 -->24/09/2007 11:32:53
      C:\WINDOWS\System32\jknmp.ini2 -->24/09/2007 11:32:53
      C:\WINDOWS\System32\rdneyddt.ini -->24/09/2007 10:48:16
      C:\WINDOWS\System32\psqlnvck.ini -->24/09/2007 10:48:16
      C:\WINDOWS\System32\tddyendr.dll -->24/09/2007 10:47:35
      C:\WINDOWS\System32\jknmp.bak2 -->24/09/2007 10:41:35
      C:\WINDOWS\System32\kcvnlqsp.dll -->23/09/2007 23:39:30
      C:\WINDOWS\System32\otmqiymv.ini -->23/09/2007 22:32:53
      C:\WINDOWS\System32\vmyiqmto.dll -->23/09/2007 22:13:43
      C:\WINDOWS\System32\bhibisjd.ini -->23/09/2007 19:49:36
      C:\WINDOWS\System32\djsibihb.dll -->23/09/2007 19:49:21
      C:\WINDOWS\System32\cgqvpykc.ini -->23/09/2007 18:49:33
      C:\WINDOWS\System32\aqvuhavi.ini -->23/09/2007 18:24:23
      C:\WINDOWS\System32\ivahuvqa.dll -->23/09/2007 18:23:58
      C:\WINDOWS\System32\rxlwwsgh.ini -->23/09/2007 18:15:36
      C:\WINDOWS\System32\wpa.dbl -->23/09/2007 18:13:18
      C:\WINDOWS\System32\ybypuuhe.ini -->22/09/2007 19:28:01
      C:\WINDOWS\System32\ehuupyby.dll -->22/09/2007 18:00:40
      C:\WINDOWS\System32\ysuboumi.ini -->22/09/2007 17:53:09
      C:\WINDOWS\System32\wshrckwb.ini -->21/09/2007 23:04:04
      C:\WINDOWS\System32\aotsnhcd.ini -->21/09/2007 20:02:36
      C:\WINDOWS\System32\dchnstoa.dll -->21/09/2007 20:01:02
      C:\WINDOWS\System32\jaonexoh.ini -->21/09/2007 19:50:52
      C:\WINDOWS\System32\hoxenoaj.dll -->21/09/2007 19:50:30
      C:\WINDOWS\System32\ddyppiij.ini -->21/09/2007 19:45:48

      C:\WINDOWS\0.log -->24/09/2007 10:38:39
      C:\WINDOWS\wiadebug.log -->24/09/2007 10:37:54
      C:\WINDOWS\WindowsUpdate.log -->24/09/2007 10:37:52
      C:\WINDOWS\wiaservc.log -->24/09/2007 10:37:26
      C:\WINDOWS\bootstat.dat -->24/09/2007 10:34:22
      C:\WINDOWS\SchedLgU.Txt -->23/09/2007 23:50:08
      C:\WINDOWS\cookies.ini -->23/09/2007 23:40:03
      C:\WINDOWS\setupapi.log -->23/09/2007 23:35:09
      C:\WINDOWS\msnfix.txt -->23/09/2007 23:04:48
      C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe -->11/09/2007 20:46:07
      C:\WINDOWS\tsoc.log -->04/09/2007 18:05:13
      C:\WINDOWS\ocmsn.log -->04/09/2007 18:05:13
      C:\WINDOWS\ntdtcsetup.log -->04/09/2007 18:05:13
      C:\WINDOWS\imsins.log -->04/09/2007 18:05:13
      C:\WINDOWS\iis6.log -->04/09/2007 18:05:13


      MD5 des fichiers sensibles
      tcpip.sys 1dbf125862891817f374f407626967f4
      ndis.sys 558635d3af1c7546d26067d5d9b6959e
      null.sys 73c1e1f395918bc2c6dd67af7591a3ad
      svchost.exe 2979b03d5382a602623c0535b16ab9c0

      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est 4857-861D

      Répertoire de C:\WINDOWS\temp

      10/10/2000 13:48 65 536 IEHost.exe
      12/09/2001 15:42 212 992 NavBrowser.exe
      2 fichier(s) 278 528 octets
      0 Rép(s) 9 573 642 240 octets libres

      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est 4857-861D

      Répertoire de C:\WINDOWS\system32

      20/08/2004 01:09 6 144 csrss.exe
      1 fichier(s) 6 144 octets
      0 Rép(s) 9 573 642 240 octets libres

      Contenu de Downloaded Program Files
      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est 4857-861D

      Répertoire de C:\WINDOWS\Downloaded Program Files

      23/09/2007 23:35 <REP> .
      23/09/2007 23:35 <REP> ..
      07/12/2004 17:07 32 bdcore.dll
      25/05/2006 01:21 118 784 bdupd.dll
      13/09/2007 15:36 <REP> CONFLICT.1
      08/10/2004 11:39 65 desktop.ini
      28/03/2002 17:05 1 268 erma.inf
      29/03/2005 14:06 2 011 ESTPTEST.INF
      09/10/2006 04:32 173 328 IEAWSDC.DLL
      09/10/2006 04:11 452 ieawsdc.inf
      14/02/2007 19:44 378 ImageUploader4.inf
      14/02/2007 19:44 2 557 752 ImageUploader4.ocx
      25/05/2006 01:21 53 248 ipsupd.dll
      04/03/2005 04:52 752 jinstall-1_5_0_02.inf
      16/03/2005 12:34 7 407 lang.ini
      23/05/2005 13:41 495 LegitCheckControl.inf
      07/12/2004 17:07 32 libfn.dll
      14/03/2005 14:38 126 live.ini
      20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
      20/06/2006 16:44 379 704 MsnPUpld.dll
      19/06/2006 15:40 393 MsnPUpld.inf
      22/08/2003 22:10 226 opuc.inf
      01/06/2006 02:57 1 331 oscan8.inf
      01/06/2006 02:54 471 040 oscan8.ocx
      31/05/2006 04:15 10 oscan81.ocx_x
      22/09/2004 16:59 110 592 PURen-us.dll
      31/05/2002 10:20 117 328 purfr-fr.dll
      14/03/2005 14:58 7 073 scanoptions.tsi
      09/11/2006 15:36 5 019 swflash.inf
      26 fichier(s) 4 010 008 octets

      Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

      13/09/2007 15:36 <REP> .
      13/09/2007 15:36 <REP> ..
      02/08/2007 11:31 360 320 MsnPUpld.dll
      02/08/2007 15:47 569 MSNPUpld.inf
      02/08/2007 11:31 67 456 PURen-us.dll
      06/08/2007 12:10 68 992 PURfr-fr.dll
      26/06/2006 19:21 169 672 SymAData.dll
      5 fichier(s) 667 009 octets

      Total des fichiers listés :
      31 fichier(s) 4 677 017 octets
      5 Rép(s) 9 573 642 240 octets libres

      Recherche de rootkit! (Merci S!Ri)

      Recherche d'infections connues

      Export des clefs sensibles..

      Liste des fichiers en exception sur le pare-feu XP SP2

      "C:\\Program Files\\messenger\\msmsgs.exe"="C:\\Program Files\\messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
      "C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Disabled:AOL 9.0a"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
      "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando"
      "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Disabled:Skype"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "C:\\Program Files\\Neuf\\Kit\\9props.exe"="C:\\Program Files\\Neuf\\Kit\\9props.exe:*:Enabled:Etat de votre connexion"
      "C:\\Program Files\\Neuf\\Kit\\9conf.exe"="C:\\Program Files\\Neuf\\Kit\\9conf.exe:*:Enabled:Reconfigurer votre connexion"
      "C:\\Program Files\\Neuf\\Kit\\9launch.exe"="C:\\Program Files\\Neuf\\Kit\\9launch.exe:*:Enabled:9launch.exe"
      "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Disabled:AOL Instant Messenger"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
      "C:\\WINDOWS\\system\\lsass.exe"="C:\\WINDOWS\\system\\lsass.exe:*:Enabled:Windows Sharing"
      "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Neuf\\Kit\\9mail.exe"="C:\\Program Files\\Neuf\\Kit\\9mail.exe:*:Disabled:Assistant de messagerie"

      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\AOL 9.0a\\waol.exe"="C:\\Program Files\\AOL 9.0a\\waol.exe:*:Enabled:AOL 9.0a"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
      "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

      Export de la clef SharedTaskScheduler

      [SharedTaskScheduler]
      "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
      "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



      exports des policies
      REGEDIT4

      [system]
      "dontdisplaylastusername"=dword:00000000
      "legalnoticecaption"=""
      "legalnoticetext"=""
      "shutdownwithoutlogon"=dword:00000001
      "undockwithoutlogon"=dword:00000001



      Export des clefs sensibles..
      Rechercher adresses sensibles dans le fichier HOSTS...
      catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-09-24 11:35:58
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden services & system hive ...

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden services: 0
      hidden files: 0


      KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

      Process list by traversal of KiWaitListHead

      4 - System
      256 - ashServ.exe
      308 - explorer.exe
      724 - SynTPEnh.exe
      928 - csrss.exe
      952 - winlogon.exe
      996 - services.exe
      1008 - lsass.exe
      1172 - cmd.exe
      1192 - svchost.exe
      1256 - ashDisp.exe
      1260 - msnmsgr.exe
      1272 - svchost.exe
      1348 - spoolsv.exe
      1372 - Directcd.exe
      1404 - LogitechDesktop
      1412 - svchost.exe
      1508 - LVPrcSrv.exe
      1540 - 9wifi.exe
      1560 - usnsvc.exe
      1764 - LVCOMSX.EXE
      2020 - cisvc.exe
      2504 - cidaemon.exe
      2568 - iexplore.exe
      2944 - ashMaiSv.exe
      3308 - ashWebSv.exe

      Total number of processes = 26
      NOTE: Under WinXP, this will not show all processes.

      KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

      Driver/Module list by traversal of PsLoadedModuleList

      804D7000 - \WINDOWS\system32\ntoskrnl.exe
      806EC000 - \WINDOWS\system32\hal.dll
      F9D53000 - \WINDOWS\system32\KDCOM.DLL
      F9C63000 - \WINDOWS\system32\BOOTVID.dll
      F9803000 - ACPI.sys
      F9D55000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
      F97F2000 - pci.sys
      F9853000 - isapnp.sys
      F9C67000 - compbatt.sys
      F9C6B000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
      F9D57000 - viaide.sys
      F9AD3000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
      F97D4000 - pcmcia.sys
      F9863000 - MountMgr.sys
      F97B5000 - ftdisk.sys
      F9C6F000 - ACPIEC.sys
      F9E1B000 - \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
      F9ADB000 - PartMgr.sys
      F9873000 - VolSnap.sys
      F979D000 - atapi.sys
      F9883000 - disk.sys
      F9893000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
      F977D000 - fltmgr.sys
      F976B000 - sr.sys
      F9AE3000 - PxHelp20.sys
      F9754000 - KSecDD.sys
      F96C7000 - Ntfs.sys
      F969A000 - NDIS.sys
      F98A3000 - viaagp.sys
      F967F000 - Mup.sys
      F98C3000 - \SystemRoot\System32\DRIVERS\amdk7.sys
      F9CF7000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
      F960A000 - \SystemRoot\System32\DRIVERS\s3gnbm.sys
      F95F6000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
      F9B0B000 - \SystemRoot\System32\DRIVERS\fdc.sys
      F95E2000 - \SystemRoot\System32\DRIVERS\parport.sys
      F98D3000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
      F95B2000 - \SystemRoot\System32\DRIVERS\SynTP.sys
      F9D5B000 - \SystemRoot\System32\DRIVERS\USBD.SYS
      F9B2B000 - \SystemRoot\System32\DRIVERS\mouclass.sys
      F9B3B000 - \SystemRoot\System32\DRIVERS\eaps2kbd.sys
      F9B4B000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
      F98E3000 - \SystemRoot\system32\drivers\Imapi.sys
      F98F3000 - \SystemRoot\System32\Drivers\Cdr4_xp.SYS
      F9903000 - \SystemRoot\System32\DRIVERS\cdrom.sys
      F9913000 - \SystemRoot\System32\DRIVERS\redbook.sys
      F958F000 - \SystemRoot\System32\DRIVERS\ks.sys
      F9B7B000 - \SystemRoot\System32\Drivers\Cdralw2k.SYS
      F956F000 - \SystemRoot\System32\Drivers\pwd_2K.SYS
      F9B83000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
      F954C000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
      F94E5000 - \SystemRoot\system32\drivers\smwdm.sys
      F9F13000 - \SystemRoot\system32\drivers\SENSUPGD.SYS
      F94C1000 - \SystemRoot\system32\drivers\portcls.sys
      F9933000 - \SystemRoot\system32\drivers\drmk.sys
      F8EB0000 - \SystemRoot\System32\DRIVERS\basic2.sys
      F9943000 - \SystemRoot\System32\DRIVERS\SOAR.SYS
      F9953000 - \SystemRoot\System32\DRIVERS\rksample.sys
      F8E29000 - \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
      F8E03000 - \SystemRoot\System32\DRIVERS\AmosNt.SYS
      F9BA3000 - \SystemRoot\System32\Drivers\Modem.SYS
      F9BAB000 - \SystemRoot\System32\DRIVERS\RTL8139.SYS
      F9F1C000 - \SystemRoot\System32\DRIVERS\audstub.sys
      F99B3000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
      F9D2B000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
      F8DEC000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
      F99C3000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
      F99D3000 - \SystemRoot\System32\DRIVERS\raspptp.sys
      F9BCB000 - \SystemRoot\System32\DRIVERS\TDI.SYS
      F8DDB000 - \SystemRoot\System32\DRIVERS\psched.sys
      F99E3000 - \SystemRoot\System32\DRIVERS\msgpc.sys
      F9BDB000 - \SystemRoot\System32\DRIVERS\ptilink.sys
      F9BEB000 - \SystemRoot\System32\DRIVERS\raspti.sys
      F9D3B000 - \SystemRoot\System32\DRIVERS\wandrv.sys
      F8DC2000 - \SystemRoot\System32\DRIVERS\PPPoEWin.SYS
      F99F3000 - \SystemRoot\System32\DRIVERS\termdd.sys
      F9D65000 - \SystemRoot\System32\DRIVERS\swenum.sys
      F8CEE000 - \SystemRoot\System32\DRIVERS\update.sys
      F9D43000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
      F9C0B000 - \SystemRoot\System32\Drivers\mmc_2K.SYS
      F9A03000 - \SystemRoot\System32\Drivers\NDProxy.SYS
      F9C1B000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
      F9A43000 - \SystemRoot\System32\DRIVERS\usbhub.sys
      F9D73000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
      F9F69000 - \SystemRoot\System32\Drivers\Null.SYS
      F9D77000 - \SystemRoot\System32\Drivers\Beep.SYS
      F9C43000 - \SystemRoot\System32\drivers\vga.sys
      F9D7B000 - \SystemRoot\System32\Drivers\mnmdd.SYS
      F9D7F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
      F7C02000 - \SystemRoot\System32\Drivers\cdudf_xp.SYS
      F9C53000 - \SystemRoot\System32\Drivers\Msfs.SYS
      F9AFB000 - \SystemRoot\System32\Drivers\Npfs.SYS
      F7BBD000 - \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
      F7B20000 - \SystemRoot\system32\DRIVERS\WlanBZXP.sys
      F9D03000 - \SystemRoot\System32\DRIVERS\rasacd.sys
      F7B0D000 - \SystemRoot\System32\DRIVERS\ipsec.sys
      F7AB5000 - \SystemRoot\System32\DRIVERS\tcpip.sys
      F9A53000 - \SystemRoot\System32\Drivers\aswTdi.SYS
      F7A94000 - \SystemRoot\System32\DRIVERS\ipnat.sys
      F9A63000 - \SystemRoot\System32\DRIVERS\wanarp.sys
      F7A6C000 - \SystemRoot\System32\DRIVERS\netbt.sys
      F7A4A000 - \SystemRoot\System32\drivers\afd.sys
      F9A73000 - \SystemRoot\System32\DRIVERS\netbios.sys
      F7A1F000 - \SystemRoot\System32\DRIVERS\rdbss.sys
      F7766000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
      F9A93000 - \SystemRoot\system32\DRIVERS\LVUSBSta.sys
      F9AA3000 - \SystemRoot\System32\Drivers\Fips.SYS
      F767F000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS
      F9AB3000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
      F9B33000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
      F7634000 - \SystemRoot\System32\Drivers\Fastfat.SYS
      F761C000 - \SystemRoot\System32\Drivers\dump_atapi.sys
      F9D95000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
      BF800000 - \SystemRoot\System32\win32k.sys
      F9CE7000 - \SystemRoot\System32\drivers\Dxapi.sys
      F9B5B000 - \SystemRoot\System32\watchdog.sys
      BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
      F9EF4000 - \SystemRoot\System32\drivers\dxgthk.sys
      BF9D5000 - \SystemRoot\System32\s3gnb.dll
      F45D3000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
      F4395000 - \SystemRoot\System32\Drivers\aswMon2.SYS
      F4463000 - \SystemRoot\System32\Drivers\Cdfs.SYS
      F4060000 - \SystemRoot\system32\drivers\wdmaud.sys
      F40BD000 - \SystemRoot\system32\drivers\sysaudio.sys
      F4010000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
      F9D69000 - \SystemRoot\System32\Drivers\ParVdm.SYS
      F41A1000 - \SystemRoot\System32\DRIVERS\cnxtdiag.sys
      F3D16000 - \SystemRoot\System32\DRIVERS\fallback.sys
      F3CFA000 - \SystemRoot\System32\DRIVERS\fsksnt.sys
      F3C72000 - \SystemRoot\System32\DRIVERS\k56nt.sys
      F3BA1000 - \SystemRoot\System32\DRIVERS\faxnt.sys
      F3F88000 - \SystemRoot\System32\DRIVERS\tonesnt.sys
      F3B00000 - \SystemRoot\System32\DRIVERS\v124nt.sys
      F3A0E000 - \SystemRoot\System32\DRIVERS\srv.sys
      F9B6B000 - \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
      F9B8B000 - \SystemRoot\System32\Drivers\PCASp50.sys
      F3635000 - \SystemRoot\System32\Drivers\HTTP.sys
      F37C6000 - \SystemRoot\System32\Drivers\aswRdr.SYS
      F9E82000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

      Total number of drivers = 139

      Liste des programmes installes

      Adobe Flash Player 9 ActiveX
      Adobe Reader 7.0.9 - Français
      ArcSoft PhotoImpression
      avast! Antivirus
      Bloqueur de fenêtres pop-up (Windows Live Toolbar)
      Correctif pour Lecteur Windows Media 11 (KB939683)
      Correctif pour Windows XP (KB914440)
      Correctif Windows XP - KB834707
      Correctif Windows XP - KB867282
      Correctif Windows XP - KB873333
      Correctif Windows XP - KB873339
      Correctif Windows XP - KB885250
      Correctif Windows XP - KB885835
      Correctif Windows XP - KB885836
      Correctif Windows XP - KB886185
      Correctif Windows XP - KB887472
      Correctif Windows XP - KB887742
      Correctif Windows XP - KB888113
      Correctif Windows XP - KB888302
      Correctif Windows XP - KB890047
      Correctif Windows XP - KB890175
      Correctif Windows XP - KB890859
      Correctif Windows XP - KB890923
      Correctif Windows XP - KB891781
      Correctif Windows XP - KB893066
      Correctif Windows XP - KB893086
      Easy CD Creator 5 Basic
      EPSON Logiciel imprimante
      Friendly PPPoE v3.0.0.26
      HijackThis 2.0.2
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows XP (KB915865)
      Hotfix for Windows XP (KB926239)
      Lecteur Windows Media 11
      Logiciel QuickCam de Logitech
      Logitech Desktop Messenger
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft Data Access Components KB870669
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft National Language Support Downlevel APIs
      Microsoft Office 2000 CD-ROM 2
      Microsoft Office 2000 Premium
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
      Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
      Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
      Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
      Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)
      Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
      Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
      Mise à jour de sécurité pour Windows XP (KB883939)
      Mise à jour de sécurité pour Windows XP (KB890046)
      Mise à jour de sécurité pour Windows XP (KB893756)
      Mise à jour de sécurité pour Windows XP (KB896358)
      Mise à jour de sécurité pour Windows XP (KB896422)
      Mise à jour de sécurité pour Windows XP (KB896423)
      Mise à jour de sécurité pour Windows XP (KB896424)
      Mise à jour de sécurité pour Windows XP (KB896428)
      Mise à jour de sécurité pour Windows XP (KB896688)
      Mise à jour de sécurité pour Windows XP (KB899587)
      Mise à jour de sécurité pour Windows XP (KB899588)
      Mise à jour de sécurité pour Windows XP (KB899591)
      Mise à jour de sécurité pour Windows XP (KB900725)
      Mise à jour de sécurité pour Windows XP (KB901017)
      Mise à jour de sécurité pour Windows XP (KB901214)
      Mise à jour de sécurité pour Windows XP (KB902400)
      Mise à jour de sécurité pour Windows XP (KB903235)
      Mise à jour de sécurité pour Windows XP (KB904706)
      Mise à jour de sécurité pour Windows XP (KB905414)
      Mise à jour de sécurité pour Windows XP (KB905749)
      Mise à jour de sécurité pour Windows XP (KB905915)
      Mise à jour de sécurité pour Windows XP (KB908519)
      Mise à jour de sécurité pour Windows XP (KB911562)
      Mise à jour de sécurité pour Windows XP (KB911567)
      Mise à jour de sécurité pour Windows XP (KB911927)
      Mise à jour de sécurité pour Windows XP (KB912812)
      Mise à jour de sécurité pour Windows XP (KB912919)
      Mise à jour de sécurité pour Windows XP (KB913446)
      Mise à jour de sécurité pour Windows XP (KB913580)
      Mise à jour de sécurité pour Windows XP (KB914388)
      Mise à jour de sécurité pour Windows XP (KB914389)
      Mise à jour de sécurité pour Windows XP (KB916281)
      Mise à jour de sécurité pour Windows XP (KB917159)
      Mise à jour de sécurité pour Windows XP (KB917344)
      Mise à jour de sécurité pour Windows XP (KB917422)
      Mise à jour de sécurité pour Windows XP (KB917953)
      Mise à jour de sécurité pour Windows XP (KB918118)
      Mise à jour de sécurité pour Windows XP (KB918439)
      Mise à jour de sécurité pour Windows XP (KB918899)
      Mise à jour de sécurité pour Windows XP (KB919007)
      Mise à jour de sécurité pour Windows XP (KB920213)
      Mise à jour de sécurité pour Windows XP (KB920214)
      Mise à jour de sécurité pour Windows XP (KB920670)
      Mise à jour de sécurité pour Windows XP (KB920683)
      Mise à jour de sécurité pour Windows XP (KB920685)
      Mise à jour de sécurité pour Windows XP (KB921398)
      Mise à jour de sécurité pour Windows XP (KB921503)
      Mise à jour de sécurité pour Windows XP (KB921883)
      Mise à jour de sécurité pour Windows XP (KB922616)
      Mise à jour de sécurité pour Windows XP (KB922760)
      Mise à jour de sécurité pour Windows XP (KB922819)
      Mise à jour de sécurité pour Windows XP (KB923191)
      Mise à jour de sécurité pour Windows XP (KB923414)
      Mise à jour de sécurité pour Windows XP (KB923689)
      Mise à jour de sécurité pour Windows XP (KB923694)
      Mise à jour de sécurité pour Windows XP (KB923980)
      Mise à jour de sécurité pour Windows XP (KB924191)
      Mise à jour de sécurité pour Windows XP (KB924270)
      Mise à jour de sécurité pour Windows XP (KB924496)
      Mise à jour de sécurité pour Windows XP (KB924667)
      Mise à jour de sécurité pour Windows XP (KB925486)
      Mise à jour de sécurité pour Windows XP (KB925902)
      Mise à jour de sécurité pour Windows XP (KB926255)
      Mise à jour de sécurité pour Windows XP (KB926436)
      Mise à jour de sécurité pour Windows XP (KB927779)
      Mise à jour de sécurité pour Windows XP (KB927802)
      Mise à jour de sécurité pour Windows XP (KB928255)
      Mise à jour de sécurité pour Windows XP (KB928843)
      Mise à jour de sécurité pour Windows XP (KB929123)
      Mise à jour de sécurité pour Windows XP (KB930178)
      Mise à jour de sécurité pour Windows XP (KB931261)
      Mise à jour de sécurité pour Windows XP (KB931784)
      Mise à jour de sécurité pour Windows XP (KB932168)
      Mise à jour de sécurité pour Windows XP (KB935839)
      Mise à jour de sécurité pour Windows XP (KB935840)
      Mise à jour de sécurité pour Windows XP (KB936021)
      Mise à jour de sécurité pour Windows XP (KB938829)
      Mise à jour pour Windows XP (KB894391)
      Mise à jour pour Windows XP (KB896727)
      Mise à jour pour Windows XP (KB898461)
      Mise à jour pour Windows XP (KB904942)
      Mise à jour pour Windows XP (KB908531)
      Mise à jour pour Windows XP (KB910437)
      Mise à jour pour Windows XP (KB911280)
      Mise à jour pour Windows XP (KB916595)
      Mise à jour pour Windows XP (KB920872)
      Mise à jour pour Windows XP (KB922582)
      Mise à jour pour Windows XP (KB927891)
      Mise à jour pour Windows XP (KB929338)
      Mise à jour pour Windows XP (KB930916)
      Mise à jour pour Windows XP (KB931836)
      Mise à jour pour Windows XP (KB933360)
      Mise à jour pour Windows XP (KB938828)
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      Neuf - Kit de connexion
      OneCare Advisor (Windows Live Toolbar)
      PCFriendly
      Programme de gestion Camera de Logitech®
      QuickTime
      QuickTime for Windows (32-bit)
      S3 Graphics Utilities
      Security Update for CAPICOM (KB931906)
      Security Update for CAPICOM (KB931906)
      Shockwave
      SoundMAXWDM
      Synaptics Pointing Device Driver
      Twister and Utilities
      USB MODEM Driver
      Viewpoint Media Player (Remove Only)
      WebFldrs XP
      WildTangent Web Driver
      Windows Genuine Advantage Notifications (KB905474)
      Windows Installer 3.1 (KB893803)
      Windows Installer 3.1 (KB893803)
      Windows Internet Explorer 7
      Windows Live Favorites pour Windows Live Toolbar
      Windows Live Messenger
      Windows Live Sign-in Assistant
      Windows Live Toolbar
      Windows Live Toolbar
      Windows Media Format 11 runtime
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows XP Service Pack 2
      WinZip
      XVID MPEG-4 CODEC



      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est 4857-861D

      Répertoire de C:\Program Files

      23/09/2007 23:20 <REP> .
      23/09/2007 23:20 <REP> ..
      30/03/2002 16:39 <REP> Adaptec
      18/01/2006 22:48 <REP> Adobe
      22/05/2007 22:19 <REP> Alwil Software
      21/11/2001 19:04 <REP> Analog Devices
      20/12/2002 20:50 <REP> ArcSoft
      09/09/2003 10:46 127 AUTORUN.INF
      05/09/2007 22:50 <REP> EPSON
      23/05/2007 17:19 <REP> Fichiers communs
      20/06/2003 16:57 556 057 flashplayer6installer.exe
      08/10/2004 11:35 <REP> Friendly Technologies
      08/09/2003 05:07 26 934 GNULICNS.TXT
      06/07/2006 19:22 <REP> Google
      31/08/2007 18:58 <REP> Internet Explorer
      01/10/2006 21:50 <REP> Java
      11/11/2006 23:05 <REP> Kikoo
      21/04/2007 15:25 <REP> Kit ADSL
      09/09/2003 13:35 19 344 LISEZMOI.TXT
      01/09/2007 15:38 <REP> Logitech
      16/09/2003 12:14 <REP> MANUAL
      12/02/2005 12:52 <REP> messenger
      10/05/2007 22:10 <REP> Microsoft CAPICOM 2.1.0.2
      08/03/2002 19:11 <REP> microsoft frontpage
      08/03/2002 19:12 <REP> Microsoft Office
      17/03/2007 23:12 <REP> Microsoft Picture It! PhotoPub
      06/01/2007 16:27 <REP> Microsoft Works
      07/11/2004 00:48 <REP> Movie Maker
      21/11/2001 18:27 <REP> MSN
      21/11/2001 18:27 <REP> MSN Gaming Zone
      02/02/2007 15:15 <REP> MSN Messenger
      22/03/2003 11:52 2 499 584 MsnMsgs.Msi
      20/11/2006 21:33 <REP> MSXML 4.0
      06/01/2007 17:05 <REP> NAV
      07/11/2004 00:17 <REP> NetMeeting
      20/04/2007 14:30 <REP> Neuf
      23/06/2003 21:15 <REP> Nullsoft
      22/12/2004 21:38 <REP> OfficeUpdate11
      21/08/2007 12:49 <REP> Outlook Express
      29/07/2006 12:08 <REP> PCFriendly
      25/08/2002 20:13 <REP> quickmov
      14/04/2005 23:23 <REP> QuickTime
      09/02/2003 23:58 <REP> Real
      21/11/2001 19:05 <REP> S3Inc
      21/11/2001 18:30 <REP> Services en ligne
      06/01/2007 17:05 <REP> SETUP
      21/11/2001 19:04 <REP> Staccato
      16/09/2003 12:11 <REP> SUPPORT
      21/11/2001 19:22 <REP> Synaptics
      09/08/2002 22:01 <REP> Telepix
      23/09/2007 23:20 <REP> Trend Micro
      03/01/2006 19:22 <REP> USB Driver-Express
      18/09/2006 22:36 <REP> Viewpoint
      02/03/2006 20:26 <REP> Virtools Web Player 3.0
      22/10/2006 21:50 <REP> Virtools Web Player 3.5
      06/01/2007 17:05 <REP> VIRUSDEF
      02/01/2005 18:11 <REP> WildTangent
      05/12/2006 19:53 <REP> Windows Live Favorites
      05/12/2006 19:53 <REP> Windows Live Toolbar
      19/01/2007 15:03 <REP> Windows Media Connect 2
      19/01/2007 15:03 <REP> Windows Media Player
      07/11/2004 00:16 <REP> Windows NT
      27/02/2003 21:32 <REP> WinZip
      21/11/2001 18:33 <REP> xerox
      21/11/2001 19:21 <REP> Your Application Name
      5 fichier(s) 3 102 046 octets
      60 Rép(s) 9 572 974 592 octets libres
      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est 4857-861D

      Répertoire de C:\Program Files\fichiers communs

      23/05/2007 17:19 <REP> .
      23/05/2007 17:19 <REP> ..
      04/11/2005 23:46 <REP> Adaptec Shared
      10/05/2007 20:25 <REP> Adobe
      21/11/2001 19:15 <REP> Designer
      14/05/2007 11:06 <REP> EPSON
      08/10/2004 11:35 <REP> FTL Shared
      08/10/2004 11:25 <REP> InstallShield
      01/09/2007 15:46 <REP> Logitech
      17/03/2007 23:12 <REP> Microsoft Shared
      21/11/2001 18:29 <REP> MSSoap
      01/06/2004 14:47 <REP> Nullsoft
      29/11/2006 00:10 <REP> Real
      09/01/2005 00:52 <REP> Roxio Shared
      10/05/2005 14:51 <REP> Services
      21/11/2001 18:20 <REP> SpeechEngines
      21/08/2007 12:49 <REP> System
      0 fichier(s) 0 octets
      17 Rép(s) 9 572 974 592 octets libres
      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est 4857-861D

      Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

      08/03/2002 19:03 <REP> .
      08/03/2002 19:03 <REP> ..
      18/05/2001 18:57 561 209 MSONSEXT.DLL
      03/06/1999 15:09 122 937 MSOWS409.DLL
      07/03/2001 10:00 127 033 MSOWS40c.DLL
      18/03/1999 07:37 593 977 RAGENT.DLL
      4 fichier(s) 1 405 156 octets
      2 Rép(s) 9 572 974 592 octets libres
      Le volume dans le lecteur C n'a pas de nom.
      Le numéro de série du volume est 4857-861D

      Répertoire de C:\

      24/05/2001 12:59 162 304 UNWISE.EXE
      1 fichier(s) 162 304 octets
      0 Rép(s) 9 572 974 592 octets libres




      c:\Documents and Settings\annesophie\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
      c:\Documents and Settings\annesophie\Application Data\U3\temp\cleanup.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\catchme.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\diff.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\dumphive.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\FilesInfoCmd.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\find2.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\Fport.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\grep.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\KProcCheck.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\LFiles.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\LISTDLLS.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\md5sums.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\pslist.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\streams.exe
      c:\Documents and Settings\annesophie\Bureau\DiagHelp\swreg.exe
      c:\Documents and Settings\annesophie\Bureau\MSNFix\msnchk.exe
      c:\Documents and Settings\annesophie\Bureau\MSNFix\incl\MD5File.exe
      c:\Documents and Settings\annesophie\Bureau\MSNFix\incl\msnchk.exe
      c:\Documents and Settings\annesophie\Bureau\MSNFix\incl\Process.exe
      c:\Documents and Settings\annesophie\Bureau\MSNFix\incl\swreg.exe
      c:\Documents and Settings\annesophie\Bureau\MSNFix\incl\zip.exe
      c:\Documents and Settings\annesophie\Local Settings\Temp\ins1.tmp\LDMClient.exe
      c:\Documents and Settings\annesophie\Local Settings\Temp\ins2.tmp\LDMClient.exe
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\CDSTART.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SYMSETUP.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\NAV\OMIGRATE.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\NAV\UPSWPLUG.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\NAV\EXTERNAL\COMMONFI\SYMSHARE\CFGWIZ.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\NAV\EXTERNAL\COMMONFI\SYMSHARE\DJSNETCN.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\NAV\EXTERNAL\COMMONFI\SYMSHARE\LRSEND.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\NAV\EXTERNAL\COMMONFI\SYMSHARE\SMNLNCH.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\NAV\EXTERNAL\COMMONFI\SYMSHARE\SSAUTORN.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ADBLCK\COMMON\SYMSHARE\ADBLCK\ADTRASH.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\ASOELNCH.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ASCORE\COMMON\SYMSHARE\ANTISPAM\RULEWIZ.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\FIREWALL\APP\HNETWIZ.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ISCOMMON\APP\ALERTAST.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ISCOMMON\APP\ALESCAN.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ISCOMMON\APP\IAMSTATS.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ISCOMMON\APP\LOGEXPRT.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\ISCOMMON\COMMON\SYMSHARE\ADBLCK\NSMDTR.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\PCONTROL\APP\PCWIZ.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\PCONTROL\APP\URLLSTCK.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\PCONTROL\APP\URLUPDAT.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\PRIVACY\APP\NISEMSVR.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\SETUP\COMMON\SYMSHARE\ANTISPAM\EUDOHELP.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\SYMLT\COMMON\SYMSHARE\CFGWIZ.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SETUP\SYMLT\COMMON\SYMSHARE\SMNLNCH.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\ALERULES\ALERULES.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCAPP.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCEVTMGR.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCLGVIEW.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCPWDSVC.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\CCSETMGR.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\CCCOMMON\CCCOMMON\COMMONFI\SYMSHARE\NMAIN.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\DCOM98\DCOM98.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\FRE\FREMSI.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\FRE\FREUPDT.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\LIVEREG\LRSETUP.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\LUPDATE\LUSETUP.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\MEMSCAN\MEMSCAN.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\MSI\INSTMSIA.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\MSI\INSTMSIW.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\NISTOOLS\ISRLRSTR.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\PRESCAN\PRESCAN.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\PROXY\CCPXYMSI\COMMON\SYMSHARE\CCPROXY.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\SEVINST\SEVINST.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\SYMLNCH\SYMLNCH.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\SNDINST.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\SNDSRVC.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\IDSDEFS\IDSCOLU.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temp\NIS\SUPPORT\SYMNET\SYMNET\COMMON\SYMSHARE\IDSDEFS\IDSLU.EXE
      c:\Documents and Settings\annesophie\Local Settings\Temporary Internet Files\Content.IE5\132WMIUS\pci_filerecovery[1].exe
      c:\Documents and Settings\annesophie\Local Settings\Temporary Internet Files\Content.IE5\2K0QWBX4\WinAntiSpyware2006FreeInstall_fr[1].exe
      c:\Documents and Settings\annesophie\Local Settings\Temporary Internet Files\Content.IE5\NICPLZKE\HJTInstall[1].exe
      c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
      c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
      c:\Documents and Settings\annesophie\Application Data\Adobe\Acrobat\Whapi\WHA Library.dll
      c:\Documents and Settings\annesophie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
      c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

      ****** Fin du rapport DiagHelp
      0
  4. anneso
     
    I went through the steps to send you the upload_me.zip file, but I don't know whether you received it?
    I'm moving on to the rest of your advice with DiagHelp.

    Thanks
    0
  6. !aur3n7
     
    Hello,

    Thanks for the files, no need to worry, they are OK

    -- Download SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.exe by S!Ri, balltrap34 and moe31 -

    Double-click SmitfraudFix.exe
    Select option #1 - [b]Chercher[/b] (Search) by pressing [b]1[/b] and then Enter
    A text report will appear, listing the infected files, if any are present.
    Save this report to the desktop

    Do not use the other options for now.

    Download VundoFix.exe http://www.atribune.org/ccount/click.php?id=4 (Atribune) to your Desktop

    Double-click VundoFix.exe to launch it.
    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button
    A prompt will ask whether you want to delete the files; click YES
    After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
    You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK

    Restart the computer

    Post the report located at C:\[b]vundofix.txt[/b] along with a new HijackThis! report in your next reply.

    Note: VundoFix may come across a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button"

    Post the VundoFix report and the SmitfraudFix option 1 report in your next reply
    0
    1. anneso
       
      So first of all, here is the first report, from SmitFraudFix:

      SmitFraudFix v2.228

      Rapport fait à 22:29:06,42, 24/09/2007
      Executé à partir de C:\Documents and Settings\annesophie\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\WINDOWS\NsUpdate.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\System32\cisvc.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\annesophie


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\annesophie\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ANNESO~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: SAGEM Wi-Fi 11g USB adapter #2 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      Description: SAGEM Wi-Fi 11g USB adapter #2 - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{5C06225B-693D-4F92-8AA8-50C8CCC5DB0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{80125EF4-18B1-4283-9F1D-191513ACF19B}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{5C06225B-693D-4F92-8AA8-50C8CCC5DB0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{80125EF4-18B1-4283-9F1D-191513ACF19B}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{5C06225B-693D-4F92-8AA8-50C8CCC5DB0D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{80125EF4-18B1-4283-9F1D-191513ACF19B}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      And then here is the VundoFix report:


      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 22:35:13 24/09/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\codlnihi.dll
      C:\windows\system32\ddcdedd.dll
      C:\WINDOWS\system32\ihinldoc.ini
      C:\windows\system32\jknmp.bak1
      C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.tmp
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\codlnihi.dll
      C:\WINDOWS\system32\codlnihi.dll Could not be deleted.

      Attempting to delete C:\windows\system32\ddcdedd.dll
      C:\windows\system32\ddcdedd.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ihinldoc.ini
      C:\WINDOWS\system32\ihinldoc.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.bak1
      C:\windows\system32\jknmp.bak1 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.bak2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.ini2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.tmp
      C:\windows\system32\jknmp.tmp Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\codlnihi.dll
      C:\WINDOWS\system32\codlnihi.dll Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.ini2 Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 22:52:06 24/09/2007

      Listing files found while scanning....

      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.tmp
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      But as you can see, two files were not deleted, despite 3 restarts.

      I haven't had time to run HijackThis again, because I need to re-download the program, which did not work the first time I tried to use it.

      As I go along using these different programs, can I delete them???

      On the other hand, I have a problem: from time to time a Windows message tells me there is a problem with the Runtime Library???

      Thanks again for your help.

      What should I do now?

      AnneSo
      0
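As an added example (not part of the thread and not VundoFix's own code): a small Python parser for the report format posted above. It follows each file across removal passes and runs, and separates files that still fail to delete, files listed without a removal result, and files that show up again after being reported deleted. The sample report is constructed, shortened from the post's line shapes and file names; the function names are this example's own.

```python
import re

# Constructed sample: a shortened report with two runs, using the line shapes
# and file names of the VundoFix report posted above.
SAMPLE_REPORT = r"""
VundoFix V6.5.9
Scan started at 22:35:13 24/09/2007
Listing files found while scanning....
C:\WINDOWS\system32\codlnihi.dll
C:\windows\system32\jknmp.ini
C:\windows\system32\pmnkj.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\codlnihi.dll
C:\WINDOWS\system32\codlnihi.dll Could not be deleted.
Attempting to delete C:\windows\system32\jknmp.ini
C:\windows\system32\jknmp.ini Has been deleted!
Attempting to delete C:\windows\system32\pmnkj.dll
C:\windows\system32\pmnkj.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\codlnihi.dll
C:\WINDOWS\system32\codlnihi.dll Has been deleted!
Attempting to delete C:\windows\system32\pmnkj.dll
C:\windows\system32\pmnkj.dll Could not be deleted.
Performing Repairs to the registry.
Done!

VundoFix V6.5.9
Scan started at 22:52:06 24/09/2007
Listing files found while scanning....
C:\windows\system32\jknmp.ini
C:\windows\system32\jknmp.tmp
C:\windows\system32\pmnkj.dll
Beginning removal...
Attempting to delete C:\windows\system32\jknmp.ini
C:\windows\system32\jknmp.ini Has been deleted!
Attempting to delete C:\windows\system32\pmnkj.dll
C:\windows\system32\pmnkj.dll Could not be deleted.
Performing Repairs to the registry.
Done!
"""

OUTCOME = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<res>Has been deleted!|Could not be deleted\.)$")
LISTED = re.compile(r"^[A-Za-z]:\\\S.*$")   # a bare path line from the scan listing


def parse_events(report):
    """Yield (run_no, path, outcome) in log order.

    outcome is None for a scan-listing line, True for 'Has been deleted!' and
    False for 'Could not be deleted.'. Paths are lower-cased because Windows
    paths are case-insensitive and the report mixes upper- and lower-case
    spellings of the Windows directory.
    """
    run_no = 0
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("VundoFix V"):      # banner opens a new run
            run_no += 1
            continue
        m = OUTCOME.match(line)
        if m:
            yield run_no, m["path"].lower(), m["res"] == "Has been deleted!"
        elif LISTED.match(line):
            yield run_no, line.lower(), None


def triage(report):
    """Summarise what is left after every pass of every run in the report."""
    last = {}          # path -> True deleted / False failed / None listed only
    reappeared = []    # reported deleted, then seen again later in the log
    runs = 0
    for run_no, path, outcome in parse_events(report):
        runs = max(runs, run_no)
        if last.get(path) is True and path not in reappeared:
            reappeared.append(path)
        if outcome is not None:
            last[path] = outcome
        elif last.get(path) is not False:
            last[path] = None                  # present, no result recorded yet
    return {
        "runs": runs,
        "persistent": sorted(p for p, s in last.items() if s is False),
        "unresolved": sorted(p for p, s in last.items() if s is None),
        "reappeared": reappeared,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The `persistent` list is the one to carry into the next step of the cleanup, and an entry under `reappeared` is worth pointing out to the helper alongside it.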
  7. anneso
     
    Attached is the HijackThis report I ran just now:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:36:48, on 24/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\NsUpdate.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
    O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://217.174.207.108/kits/direct/charmedirect.exe
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    0
  8. !
     
    Hello,

    Can you redo this HijackThis log, but renaming it first

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe >> C:\Program Files\Trend Micro\HijackThis\anneso.exe

    Thanks
    0
    1. anneso
       
      Here is the new HijackThis log, with the file renamed beforehand:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:01:46, on 25/09/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\cisvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\WINDOWS\NsUpdate.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\anneso.exe
      C:\Program Files\Windows Live Toolbar\msn_sl.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/...
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\rqrrppn.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: (no name) - {D9955CF4-3C9F-44E7-86BA-64FB41E58BC3} - C:\WINDOWS\system32\pmnkj.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
      O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
      O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://217.174.207.108/kits/direct/charmedirect.exe
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O20 - Winlogon Notify: rqrrppn - C:\WINDOWS\SYSTEM32\rqrrppn.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  9. anneso
     
    Hello,
    I haven't had any news or any more help, and I still have just as many problems.
    There are two infected files that I can't manage to get rid of.

    HELP !!!!

    anneso
    0
  10. clownface Posts 1490 Status Member 73
     
    Hello,

    Did you end up running an antivirus scan?? https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    Post the report.
    0
    1. anneso
       
      Hello,

      Here is the result of the requested scan:

      -------------------------------------------------------------------------------
      KASPERSKY ON-LINE SCANNER REPORT
      Thursday, September 27, 2007 5:40:06 PM
      Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
      Kaspersky On-line Scanner version : 5.0.83.0
      Dernière mise à jour de la base antivirus Kaspersky : 27/09/2007
      Enregistrements dans la base antivirus Kaspersky : 398323
      -------------------------------------------------------------------------------

      Paramètres d'analyse:
      Analyser avec la base antivirus suivante: standard
      Analyser les archives: vrai
      Analyser les bases de messagerie: vrai

      Cible de l'analyse - Poste de travail:
      A:\
      C:\
      D:\
      E:\

      Statistiques de l'analyse:
      Total d'objets analysés: 54559
      Nombre de virus trouvés: 1
      Nombre d'objets infectés: 1 / 0
      Nombre d'objets suspects: 0
      Durée de l'analyse: 02:27:31

      Nom de l'objet infecté / Nom du virus / Dernière action
      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP415\A0216914.exe Infecté : Trojan-Spy.Win32.Agent.qj ignoré

      Analyse terminée.


      And now, what can I do???

      Thanks in advance

      anneso
      0
  11. clownface Posts 1490 Status Member 73
     
    Run a scan with a-squared,
    delete everything it finds,
    and make a new HijackThis log.
    0
    1. anneso
       
      OK, there you go, I did everything you told me, and here is the result of the latest HijackThis run:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:38:25, on 27/09/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\cisvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\WINDOWS\NsUpdate.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\Trend Micro\HijackThis\anneso.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\rqrrppn.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: (no name) - {CA2A9509-05B7-499C-866B-FE83E7F7E4BA} - C:\WINDOWS\system32\pmnkj.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
      O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
      O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://217.174.207.108/kits/direct/charmedirect.exe
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O20 - Winlogon Notify: rqrrppn - C:\WINDOWS\SYSTEM32\rqrrppn.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  12. clownface Posts 1490 Status Member 73
     
    OK,

    Check and fix these lines with HijackThis:

    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/
    O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://217.174.207.108/kits/direct/charmedirect.exe

    and this one too, if you don't recognize it:

    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab

    Then follow this procedure: remove the Vundo / Virtumonde trojan
    and post the reports.
    0
    1. anneso
       
      Hi,

      Right, I did everything you told me to, and I had to run all three programs to eradicate Vundo; I think everything is fine now.

      Below I'm posting the three reports from VundoFix, VirtuMundo and ComboFix, along with the latest HijackThis log; tell me what you think of all this. And if there is one last cleanup to do, which program should I use???

      Thanks again in advance


      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 22:35:13 24/09/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\codlnihi.dll
      C:\windows\system32\ddcdedd.dll
      C:\WINDOWS\system32\ihinldoc.ini
      C:\windows\system32\jknmp.bak1
      C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.tmp
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\codlnihi.dll
      C:\WINDOWS\system32\codlnihi.dll Could not be deleted.

      Attempting to delete C:\windows\system32\ddcdedd.dll
      C:\windows\system32\ddcdedd.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ihinldoc.ini
      C:\WINDOWS\system32\ihinldoc.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.bak1
      C:\windows\system32\jknmp.bak1 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.bak2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.ini2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.tmp
      C:\windows\system32\jknmp.tmp Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\codlnihi.dll
      C:\WINDOWS\system32\codlnihi.dll Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.ini2 Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 22:52:06 24/09/2007

      Listing files found while scanning....

      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.tmp
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 23:47:47 24/09/2007

      Listing files found while scanning....

      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.tmp
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 22:32:26 25/09/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\hgkalixn.dll
      C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.tmp
      C:\WINDOWS\system32\nxilakgh.ini
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\hgkalixn.dll
      C:\WINDOWS\system32\hgkalixn.dll Could not be deleted.

      Attempting to delete C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.bak2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\nxilakgh.ini
      C:\WINDOWS\system32\nxilakgh.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\hgkalixn.dll
      C:\WINDOWS\system32\hgkalixn.dll Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 11:50:49 27/09/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\aacrabiu.dll
      C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.ini
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll
      C:\WINDOWS\system32\uibarcaa.ini

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\aacrabiu.dll
      C:\WINDOWS\system32\aacrabiu.dll Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.bak2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Attempting to delete C:\WINDOWS\system32\uibarcaa.ini
      C:\WINDOWS\system32\uibarcaa.ini Has been deleted!

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 12:17:55 27/09/2007

      Listing files found while scanning....

      C:\windows\system32\jknmp.ini
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 14:27:49 27/09/2007

      Listing files found while scanning....

      C:\windows\system32\jknmp.ini
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 23:15:22 27/09/2007

      Listing files found while scanning....

      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.tmp
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.ini2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.tmp
      C:\windows\system32\jknmp.tmp Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      VundoFix V6.5.9

      Checking Java version...

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Scan started at 14:01:01 28/09/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\akxjtwpc.ini
      C:\WINDOWS\system32\cpwtjxka.dll
      C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini2
      C:\windows\system32\pmnkj.dll
      C:\windows\system32\rqrrppn.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\akxjtwpc.ini
      C:\WINDOWS\system32\akxjtwpc.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\cpwtjxka.dll
      C:\WINDOWS\system32\cpwtjxka.dll Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.bak2
      C:\windows\system32\jknmp.bak2 Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\jknmp.ini2
      C:\windows\system32\jknmp.ini2 Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!

      Beginning removal...

      Attempting to delete C:\windows\system32\jknmp.ini
      C:\windows\system32\jknmp.ini Has been deleted!

      Attempting to delete C:\windows\system32\pmnkj.dll
      C:\windows\system32\pmnkj.dll Could not be deleted.

      Attempting to delete C:\windows\system32\rqrrppn.dll
      C:\windows\system32\rqrrppn.dll Could not be deleted.

      Performing Repairs to the registry.
      Done!


      [09/28/2007, 14:33:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\annesophie\Bureau\VirtumundoBeGone.exe" )
      [09/28/2007, 14:34:00] - Detected System Information:
      [09/28/2007, 14:34:00] - Windows Version: 5.1.2600, Service Pack 2
      [09/28/2007, 14:34:01] - Current Username: annesophie (Admin)
      [09/28/2007, 14:34:01] - Windows is in NORMAL mode.
      [09/28/2007, 14:34:01] - Searching for Browser Helper Objects:
      [09/28/2007, 14:34:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [09/28/2007, 14:34:01] - BHO 2: {7935DC4B-3407-468B-98A8-B0CCCF623740} ()
      [09/28/2007, 14:34:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [09/28/2007, 14:34:01] - Checking for HKLM\...\Winlogon\Notify\pmnkj
      [09/28/2007, 14:34:01] - Key not found: HKLM\...\Winlogon\Notify\pmnkj, continuing.
      [09/28/2007, 14:34:01] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [09/28/2007, 14:34:01] - BHO 4: {9370EFDE-C0DA-42C9-B609-41C87B462011} ()
      [09/28/2007, 14:34:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [09/28/2007, 14:34:01] - Checking for HKLM\...\Winlogon\Notify\rqrrppn
      [09/28/2007, 14:34:01] - Found: HKLM\...\Winlogon\Notify\rqrrppn - This is probably Virtumundo.
      [09/28/2007, 14:34:01] - Assigning {9370EFDE-C0DA-42C9-B609-41C87B462011} MSEvents Object
      [09/28/2007, 14:34:01] - BHO list has been changed! Starting over...
      [09/28/2007, 14:34:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [09/28/2007, 14:34:01] - BHO 2: {7935DC4B-3407-468B-98A8-B0CCCF623740} ()
      [09/28/2007, 14:34:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [09/28/2007, 14:34:01] - Checking for HKLM\...\Winlogon\Notify\pmnkj
      [09/28/2007, 14:34:01] - Key not found: HKLM\...\Winlogon\Notify\pmnkj, continuing.
      [09/28/2007, 14:34:02] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [09/28/2007, 14:34:02] - BHO 4: {9370EFDE-C0DA-42C9-B609-41C87B462011} (MSEvents Object)
      [09/28/2007, 14:34:02] - ALERT: Found MSEvents Object!
      [09/28/2007, 14:34:02] - BHO 5: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
      [09/28/2007, 14:34:02] - Finished Searching Browser Helper Objects
      [09/28/2007, 14:34:02] - *** Detected MSEvents Object
      [09/28/2007, 14:34:02] - Trying to remove MSEvents Object...
      [09/28/2007, 14:34:03] - Terminating Process: IEXPLORE.EXE
      [09/28/2007, 14:34:04] - Terminating Process: RUNDLL32.EXE
      [09/28/2007, 14:34:04] - Disabling Automatic Shell Restart
      [09/28/2007, 14:34:04] - Terminating Process: EXPLORER.EXE
      [09/28/2007, 14:34:05] - Suspending the NT Session Manager System Service
      [09/28/2007, 14:34:05] - Terminating Windows NT Logon/Logoff Manager
      [09/28/2007, 14:34:06] - Re-enabling Automatic Shell Restart
      [09/28/2007, 14:34:06] - File to disable: C:\WINDOWS\system32\rqrrppn.dll
      [09/28/2007, 14:34:06] - Renaming C:\WINDOWS\system32\rqrrppn.dll -> C:\WINDOWS\system32\rqrrppn.dll.vir
      [09/28/2007, 14:34:06] - File successfully renamed!
      [09/28/2007, 14:34:07] - Removing HKLM\...\Browser Helper Objects\{9370EFDE-C0DA-42C9-B609-41C87B462011}
      [09/28/2007, 14:34:07] - Removing HKCR\CLSID\{9370EFDE-C0DA-42C9-B609-41C87B462011}
      [09/28/2007, 14:34:07] - Adding Kill Bit for ActiveX for GUID: {9370EFDE-C0DA-42C9-B609-41C87B462011}
      [09/28/2007, 14:34:08] - Deleting ATLEvents/MSEvents Registry entries
      [09/28/2007, 14:34:08] - Removing HKLM\...\Winlogon\Notify\rqrrppn
      [09/28/2007, 14:34:08] - Searching for Browser Helper Objects:
      [09/28/2007, 14:34:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
      [09/28/2007, 14:34:08] - BHO 2: {7935DC4B-3407-468B-98A8-B0CCCF623740} ()
      [09/28/2007, 14:34:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [09/28/2007, 14:34:08] - Checking for HKLM\...\Winlogon\Notify\pmnkj
      [09/28/2007, 14:34:08] - Key not found: HKLM\...\Winlogon\Notify\pmnkj, continuing.
      [09/28/2007, 14:34:09] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
      [09/28/2007, 14:34:09] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
      [09/28/2007, 14:34:09] - Finished Searching Browser Helper Objects
      [09/28/2007, 14:34:09] - Finishing up...
      [09/28/2007, 14:34:09] - A restart is needed.
      [09/28/2007, 14:34:28] - Attempting to Restart via STOP error (Blue Screen!)



      ComboFix 07-09-21.2 - "annesophie" 2007-09-28 14:47:55.1 - NTFSx86 MINIMAL
      Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.124 [GMT 2:00]
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\check_LSA7.txt
      C:\Program Files\autorun.inf
      C:\WINDOWS\cookies.ini
      C:\WINDOWS\system32\jknmp.ini
      C:\WINDOWS\system32\pmnkj.dll
      C:\WINDOWS\system32\rdneyddt.ini
      C:\WINDOWS\system32\tddyendr.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


      -------\poof


      ((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
      .

      2007-09-28 14:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2007-09-27 19:42 <REP> d-------- C:\Program Files\a-squared Free
      2007-09-27 19:12 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2007-09-27 19:12 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2007-09-27 19:12 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2007-09-27 14:51 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
      2007-09-27 11:18 <REP> d-------- C:\Program Files\Navilog1
      2007-09-24 22:35 <REP> d----c--- C:\VundoFix Backups
      2007-09-24 22:30 2,840 --a------ C:\WINDOWS\system32\tmp.reg
      2007-09-24 21:53 85,056 --a------ C:\WINDOWS\system32\fkyitpfc.dll
      2007-09-24 21:38 85,056 --a------ C:\WINDOWS\system32\grdiinhw.dll
      2007-09-24 21:14 85,056 --a------ C:\WINDOWS\system32\vfarmoms.dll
      2007-09-24 18:10 85,056 --a------ C:\WINDOWS\system32\ofuomdfv.dll
      2007-09-24 17:46 85,056 --a------ C:\WINDOWS\system32\pmwjacbh.dll
      2007-09-24 17:07 85,056 --a------ C:\WINDOWS\system32\pnjxeqsq.dll
      2007-09-23 23:34 <REP> d-------- C:\WINDOWS\BDOSCAN8
      2007-09-23 23:20 <REP> d-------- C:\Program Files\Trend Micro
      2007-09-21 20:01 87,616 --a------ C:\WINDOWS\system32\dchnstoa.dll
      2007-09-21 19:50 87,616 --a------ C:\WINDOWS\system32\hoxenoaj.dll
      2007-09-18 08:40 44,054 --a------ C:\WINDOWS\system32\rqrrppn.dll.vir
      2007-09-05 22:50 <REP> d-------- C:\Program Files\EPSON

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-09-27 23:13 --------- d-------- C:\Program Files\Virtools Web Player 3.5
      2007-09-24 16:57 --------- d-------- C:\Program Files\Fichiers communs\Logitech
      2007-09-24 12:53 --------- d-------- C:\Program Files\Logitech
      2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
      2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
      2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
      2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
      2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
      2003-09-09 13:35 19344 -ra------ C:\Program Files\LISEZMOI.TXT
      2003-09-08 05:07 26934 -ra------ C:\Program Files\GNULICNS.TXT
      2003-06-20 16:57 556057 --a--c--- C:\Program Files\flashplayer6installer.exe
      2003-03-22 11:52 2499584 --a--c--- C:\Program Files\MsnMsgs.Msi
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .

      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-05-19 15:52]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 15:51]
      "srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
      "AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-11-04 23:45]
      "NsUpdate"="C:\WINDOWS\NsUpdate.exe" [2003-09-04 18:47]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-01 14:49]
      "%FP%Friendly fts.exe"="C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe" [2003-05-06 09:28]
      "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
      "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" []
      "Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" []

      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 11:15:56]
      WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2002-04-20 10:03:53]

      R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
      R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
      R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
      R3 eaps2kbd;Compaq Easy Access Internet Keyboard (Win2K);C:\WINDOWS\system32\DRIVERS\eaps2kbd.sys
      R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
      R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
      R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS
      S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
      S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys
      S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{293e4840-a5c6-11d9-94f5-5050506f4531}]
      AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\Recycled\deskinf.pif

      .
      Contents of the 'Scheduled Tasks' folder
      "2007-09-28 12:28:09 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
      .
      **************************************************************************

      catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-09-28 15:03:56
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      ALUAlert = C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2007-09-28 15:07:32 - machine was rebooted
      C:\ComboFix-quarantined-files.txt ... 2007-09-28 15:07
      .
      --- E O F ---



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:09:11, on 28/09/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\WINDOWS\NsUpdate.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Trend Micro\HijackThis\asj.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
      O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
      O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  13. clownface Posts 1490 Status Member 73
     
    Good evening,

    check and fix these lines:

    C:\WINDOWS\NsUpdate.exe
    O4 - HKLM\..\Run: [NsUpdate] C:\WINDOWS\NsUpdate.exe UPDATE
    O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    reboot in safe mode
    go to c:\windows and delete the file NsUpdate.exe

    reboot in normal mode and post a HijackThis log again
    0
    1. anneso
       
      Good evening,

      here is my latest HijackThis log.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:32:40, on 28/09/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\a-squared Free\a2service.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\setup\avast.setup
      C:\Program Files\Trend Micro\HijackThis\asj.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
      O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
      O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  14. clownface Posts 1490 Status Member 73
     
    Did you delete the file NsUpdate.exe?
    Things look much better.
    Run VundoFix again to see.
    0
    1. anneso
       
      Yes, I deleted the file NsUpdate.exe.
      VundoFix no longer detects any infected files.
      So I think it's fine now?
      Is there anything else to do?

      In any case, thanks again.
      It feels good to have my PC back in great shape.

      Can I remove all the programs that were installed (vundo, smitfraud, Asquared, ...)?

      anneso
      0
  15. clownface Posts 1490 Status Member 73
     
    It looks good; if you want to make sure, redo these steps: virus, preliminary disinfection method (French version)

    A few tips for the future: protecting yourself from viruses and other junk is not that complicated
    You will see that there are a few programs you can keep; as for the others, yes, you can uninstall them.
    Have a good evening.
    0
    1. anneso
       
      Good evening,

      one last little message (I hope) for the road; I did all the steps requested on the page except AVG Anti-Spyware, which I was never able to download from the links.

      Here are the reports obtained with BitDefender and the HijackThis log:

      BitDefender Online Scanner

      Rapport d'analyse généré à: Sat, Sep 29, 2007 - 17:02:36

      Voie d'analyse: A:\;C:\;D:\;E:\;

      Statistiques
      Temps: 01:29:47
      Fichiers: 129124
      Directoires: 3451
      Secteurs de boot: 3
      Archives: 6718
      Paquets programmes: 7630

      Résultats
      Virus identifiés: 2
      Fichiers infectés: 6
      Fichiers suspects: 0
      Avertissements: 0
      Désinfectés: 0
      Fichiers effacés: 6

      Info sur les moteurs
      Définition virus: 824350
      Version des moteurs: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
      Analyse des plugins: 14
      Archive des plugins: 38
      Unpack des plugins: 7
      E-mail plugins: 6
      Système plugins: 1

      Paramètres d'analyse
      Première action: Désinfecté
      Seconde Action: Supprimé
      Heuristique: Oui
      Acceptez les avertissements: Oui
      Extensions analysées: *;
      Excludez les extensions:
      Analyse d'emails: Oui
      Analyse des Archives: Oui
      Analyser paquets programmes: Oui
      Analyse des fichiers: Oui
      Analyse de boot: Oui


      Fichier analysé
      Statut

      C:\qoobox\Quarantine\catchme2007-09-28_150316.79.zip=>pmnkj.dll
      Infecté par: DeepScan:Generic.Virtumonde.1.DB9D3B83

      C:\qoobox\Quarantine\catchme2007-09-28_150316.79.zip=>pmnkj.dll
      Echec de la désinfection

      C:\qoobox\Quarantine\catchme2007-09-28_150316.79.zip=>pmnkj.dll
      Supprimé

      C:\qoobox\Quarantine\catchme2007-09-28_150316.79.zip
      Mis à jour

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0223910.exe
      Détecté avec: Application.Dialer.Generic

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0223910.exe
      Echec de la désinfection

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0223910.exe
      Supprimé

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225012.dll
      Infecté par: DeepScan:Generic.Virtumonde.1.DB9D3B83

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225012.dll
      Echec de la désinfection

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225012.dll
      Supprimé

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225014.dll
      Infecté par: DeepScan:Generic.Virtumonde.1.DB9D3B83

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225014.dll
      Echec de la désinfection

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225014.dll
      Supprimé

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225017.dll
      Infecté par: DeepScan:Generic.Virtumonde.1.DB9D3B83

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225017.dll
      Echec de la désinfection

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225017.dll
      Supprimé

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225020.dll
      Infecté par: DeepScan:Generic.Virtumonde.1.DB9D3B83

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225020.dll
      Echec de la désinfection

      C:\System Volume Information\_restore{F8DE3828-1C63-490C-9AE5-F33F8B193ED3}\RP418\A0225020.dll
      Supprimé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>ErrorResponse
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>newalertwma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>newemailwma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>nudgewma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>onlinewma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>outgoingwma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>phonewma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>typewma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>vimdonewma
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>licensertf
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msnmsgrexe
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msncoredll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>ctxUXdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>logitechdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msgscdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msgsresdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msgslangdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>highcontthm
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>wmv9vcm
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msgrappdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>LCAPIDLL
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>LCRESDLL
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>RTMPLTFMDLL
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>abssmdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>lmcdatadll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>contactdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>sirenacmdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>wmp8stubdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>custsatdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>psmsongdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>usnsvcdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>usnsvcpsdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>dfsrdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>fsshextdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msnpcsexe
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msnpcsdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>msnpcsresdll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>MessengerClientDll
      Nettoyé

      C:\WINDOWS\Installer\MSN Messenger 8.0.0812\MsnMsgs.Msi=>(Embedded CAB)=>dwtrig20.exe.D0DF3458_A845_11D3_8D0A_0050046416B9
      Nettoyé



      Logfile of HijackThis v1.99.1
      Scan saved at 23:10:37, on 29/09/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\a-squared Free\a2service.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
      O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
      O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)


      Tell me if you still see things to do.
      Thanks in advance

      anneso
      0
  16. clownface Posts 1490 Status Member 73
     
    Hello,

    check and fix this line (it used to be malicious but no longer has any effect):
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

    run another antivirus scan: https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/default.asp
    and run: AVG Anti-Spyware
    0
    1. anneso
       
      Hello,
      I finally managed to download AVG Anti-Spyware and here is the report, along with a new HijackThis log:

      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 14:55:24 01/10/2007

      + Résultat de l'analyse:



      HKLM\SOFTWARE\DIALPASS -> Dialer.Generic : Aucune action entreprise.
      HKLM\SOFTWARE\DIALPASS\SexLive -> Dialer.Generic : Aucune action entreprise.
      HKLM\SOFTWARE\SCom -> Dialer.Generic : Aucune action entreprise.
      HKLM\SOFTWARE\SCom\Dialers -> Dialer.Generic : Aucune action entreprise.
      HKU\S-1-5-21-4212676017-2704639424-2437969446-1006\Software\GlobalCS -> Dialer.Generic : Aucune action entreprise.
      HKU\S-1-5-21-4212676017-2704639424-2437969446-1006\Software\SCom -> Dialer.Generic : Aucune action entreprise.
      HKU\S-1-5-21-4212676017-2704639424-2437969446-1006\Software\SCom\Dialers -> Dialer.Generic : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@hertz.122.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
      C:\WINDOWS\system32\config\systemprofile\Cookies\system@bfast[2].txt -> TrackingCookie.Bfast : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
      C:\Documents and Settings\annesophie\Cookies\annesophie@zedo[1].txt -> TrackingCookie.Zedo : Aucune action entreprise.


      Fin du rapport

      Logfile of HijackThis v1.99.1
      Scan saved at 15:10:05, on 01/10/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
      O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
      O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
      O18 - Protocol: bw+0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

      Should I fix line O20???

      I think this will be the last bit of help I need.
      Thanks again for all this help.

      Anneso
      0
  17. clownface Posts 1490 Status Member 73
     
    No, you can leave that one :)
    Check whether you have a folder called dialpass in c:\programme files, and delete it (in safe mode if necessary).
    Run an Ad-Aware scan and a Spybot scan, and delete everything they find,
    then CCleaner.
    After that, post a new AVG report.
    0
  18. anneso
     
    Good evening,
    Sorry, but I couldn't get the AVG report to you earlier.
    But I think everything is fine now.
    Thanks again for your invaluable help.

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 21:12:27 04/10/2007

    + Résultat de l'analyse:

    C:\Documents and Settings\annesophie\Cookies\annesophie@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
    C:\Documents and Settings\annesophie\Cookies\annesophie@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
    C:\Documents and Settings\annesophie\Cookies\annesophie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    C:\Documents and Settings\annesophie\Cookies\annesophie@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
    C:\Documents and Settings\annesophie\Cookies\annesophie@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.

    Fin du rapport
    0
  19. clownface Posts 1490 Status Member 73
     
    Good evening,

    Are all those O18 lines still in your HijackThis log?
    0
  20. anneso
     
    Yes, but that's since I reinstalled my webcam. Why is that a problem???

    Logfile of HijackThis v1.99.1
    Scan saved at 21:57:02, on 04/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.neuf.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://asrabela.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://asrabela.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://support.norton.com/sp/en/us/home/current/info
    O18 - Protocol: bw+0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {095BFBAE-918E-43F0-8C13-CC2DAD26765C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    0
  21. clownface Posts 1490 Status Member 73
     
    In principle no, but I would tick them and fix them anyway.
    0