Cleanup
Closed
lna75 (Posts: 18; Registered: Monday 15 October 2007; Status: Member; Last activity: 20 October 2007) - 15 Oct 2007 at 14:49
green day (Posts: 26371; Registered: Friday 30 September 2005; Status: Moderator, Security contributor; Last activity: 27 December 2019) - 20 Oct 2007 at 20:26
11 replies
lna75 - 15 Oct 2007 at 17:54
Is anyone there to help me.... please, I need my computer for work!! Be kind to a mega-beginner. lna
green day - 16 Oct 2007 at 13:54
Hi
please post your navilog report here ;-)
++
lna75 - 16 Oct 2007 at 14:20
hello green day, thanks for taking the time to have a look, that's kind of you.
so here is the report:
Search Navipromo version 3.2.1 commencé le 16.10.2007 à 14:13:09.37
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 09.10.2007 a 18h00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\User\Application Data ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector by gmer ***
pour + d'infos : http://www.gmer.net
Fichier(s) caché(s) :
C:\WINDOWS\system32\chfbadaha.dat
C:\WINDOWS\system32\chfbadaha.exe
C:\WINDOWS\system32\chfbadaha_nav.dat
C:\WINDOWS\system32\chfbadaha_navps.dat
Processus caché(s) :
C:\WINDOWS\system32\chfbadaha.exe
*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!
* Scan C:\WINDOWS\system32 *
Fichiers trouvés :
chfbadaha.exe trouvé !
Fichiers suspects :
C:\WINDOWS\system32\AegisI2.exe trouvé !
* Scan C:\DOCUME~1\User\LOCALS~1\APPLIC~1 *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
*** Recherche cles registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
C:\WINDOWS\system32\chfbadaha.dat trouvé !
3)Recherche Certificats :
Certificat Egroup trouvé !
*** Analyse Terminé le 16.10.2007 à 14:16:05.16 ***
green day - 16 Oct 2007 at 14:31
ok,
o Double-click navilog1.bat
o At the main menu, choose option 2 and confirm.
o Select the "automatic" cleaning mode
o Answer any questions that come up; the desktop will disappear, that's normal!
o Wait for the message: Nettoyage Termine le ...
o Save the report somewhere you can find it again, then close Notepad; the desktop will reappear
o The report will also be saved at the root of the disk (cleannavi.txt), please post it
then:
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new Hijackthis log!
++
lna75 - 16 Oct 2007 at 14:32
ok I'll do that right away.
Thanks a lot and see you later
lna75 - 16 Oct 2007 at 15:46
hi green day, so here are the reports:
SDFix: Version 1.109
Run by User on 16.10.2007 at 15:22
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\User\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\User\Favoris\Error Cleaner.url - Deleted
C:\Documents and Settings\User\Favoris\Privacy Protector.url - Deleted
C:\Documents and Settings\User\Favoris\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PVSW\\Bin\\w3dbsmgr.exe"="C:\\PVSW\\Bin\\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\User\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 10 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\388A19F7B1.sys"
Fri 7 Sep 2007 23 A.SH. --- "C:\WINDOWS\system32\ecddfdfbafac5_g.dll"
Wed 10 Oct 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 19 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\84_MSIMN.EXE"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:00, on 16.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\PerfectToolsXP2\VDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [VDesktop] C:\Program Files\PerfectToolsXP2\VDesktop.exe -v
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/NET/Import/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/be/fr/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E09BC8DB-53D9-4160-A544-746CE7BF2AFB}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: bw+0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw+0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwg0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: offline-8876480 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
SDFix: Version 1.109
Run by User on 16.10.2007 at 15:22
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\User\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\User\Favoris\Error Cleaner.url - Deleted
C:\Documents and Settings\User\Favoris\Privacy Protector.url - Deleted
C:\Documents and Settings\User\Favoris\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PVSW\\Bin\\w3dbsmgr.exe"="C:\\PVSW\\Bin\\w3dbsmgr.exe:*:Enabled:Database Service Manager"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="C:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\User\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 10 Oct 2007 88 ..SHR --- "C:\WINDOWS\system32\388A19F7B1.sys"
Fri 7 Sep 2007 23 A.SH. --- "C:\WINDOWS\system32\ecddfdfbafac5_g.dll"
Wed 10 Oct 2007 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 19 Aug 2004 60,416 A.SH. --- "C:\WINDOWS\BricoPacks\SysFiles\84_MSIMN.EXE"
Thu 20 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"
Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:00, on 16.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program Files\PerfectToolsXP2\VDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [VDesktop] C:\Program Files\PerfectToolsXP2\VDesktop.exe -v
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/NET/Import/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/be/fr/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E09BC8DB-53D9-4160-A544-746CE7BF2AFB}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: bw+0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw+0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwg0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: offline-8876480 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
lna75
19 Oct 2007 at 15:37
Hi everyone, so after doing all that, my problem still isn't solved. I no longer get lots of random windows opening, but it's still super slow; for example, it takes me between 4 and 5 minutes to open a web page!!!
Would you have a solution to suggest!!??
Thanks to all of you who have helped me so far and to those who are going to help me further.. thanks
green day
19 Oct 2007 at 15:42
Hi
Oops! You got lost in my contributions! :)
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Start in safe mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in: C:\Combofix.txt, please post it along with a new hijack
See you
lna75
19 Oct 2007 at 15:50
Hi green day
I did that, the report is up above, ISN'T IT?!?!
green day
19 Oct 2007 at 15:53
Hi again
No, Combo, we haven't used it yet!
++
lna75
19 Oct 2007 at 15:55
Sorry, so we'll try that right away, thanks, see you in a bit
lna75
19 Oct 2007 at 16:39
Hi green day, so here are the reports, and thanks a lot
ComboFix 07-10-19.1 - User 2007-10-19 16:00:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.232 [GMT 2:00]
Running from: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\0DQ3G567\ComboFix[1].exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Application Data\DriveCleaner Free
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_FOPF
-------\LEGACY_NPF
((((((((((((((((((((((((((((( Fichiers créés 2007-09-19 to 2007-10-19 ))))))))))))))))))))))))))))))))))))
.
2007-10-19 15:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-16 17:00 <REP> d-------- C:\Program Files\RocketDock
2007-10-16 15:21 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-16 15:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-10-16 15:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-10-16 15:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-10-16 15:16 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-10-16 15:16 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-10-16 15:16 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-10-16 15:16 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-10-16 14:10 <REP> d-------- C:\Program Files\Navilog1
2007-10-16 12:59 <REP> d-------- C:\Program Files\Miranda IM
2007-10-16 12:59 <REP> d-------- C:\Documents and Settings\User\Application Data\Miranda
2007-10-16 12:58 51,611 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-10-16 12:49 <REP> d-------- C:\Program Files\PerfectToolsXP2
2007-10-16 12:49 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-10-16 12:49 89,600 --a------ C:\WINDOWS\system32\CMCTLFR.DLL
2007-10-16 12:49 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-10-16 12:49 20,992 --a------ C:\WINDOWS\system32\CMCT2FR.DLL
2007-10-16 12:44 <REP> d-------- C:\Program Files\Seagrand
2007-10-16 12:40 4,831 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-10-16 12:38 <REP> d-------- C:\WINDOWS\BricoPacks
2007-10-16 11:41 <REP> d-------- C:\Program Files\Nicolas MERLET
2007-10-15 19:07 <REP> d-------- C:\Program Files\IE7Pro
2007-10-15 19:07 <REP> d-------- C:\Documents and Settings\User\Application Data\IE7Pro
2007-10-15 18:08 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-10-15 17:46 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-15 17:46 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-15 17:46 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-15 17:46 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-15 17:46 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-15 17:46 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-15 17:46 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-15 17:46 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-15 17:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-15 16:48 290,816 --a------ C:\WINDOWS\system32\adsiis51.dll
2007-10-15 16:48 50,176 --a------ C:\WINDOWS\system32\adrot.dll
2007-10-15 16:48 43,520 --a--c--- C:\WINDOWS\system32\dllcache\admwprox.dll
2007-10-15 16:48 43,520 --a------ C:\WINDOWS\system32\admwprox.dll
2007-10-15 16:48 20,540 --a------ C:\WINDOWS\system32\admin.dll
2007-10-15 16:48 16,439 --a------ C:\WINDOWS\system32\admin.exe
2007-10-15 16:48 6,144 --a--c--- C:\WINDOWS\system32\dllcache\admxprox.dll
2007-10-15 16:48 6,144 --a------ C:\WINDOWS\system32\admxprox.dll
2007-10-15 13:35 <REP> d-------- C:\Program Files\Trend Micro
2007-10-15 11:53 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-15 10:35 <REP> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2007-10-15 10:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-15 10:33 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-15 10:23 <REP> d-------- C:\Program Files\CCleaner
2007-10-11 13:08 <REP> d-------- C:\Program Files\eMule
2007-10-04 19:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-03 21:11 <REP> d-------- C:\WINDOWS\WLTB Custom Button Feeds
2007-10-02 21:59 <REP> d-------- C:\Documents and Settings\User\Application Data\HP
2007-10-02 21:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-02 21:50 <REP> d-------- C:\Program Files\Fichiers communs\Sonic Shared
2007-10-02 21:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2007-10-02 21:43 <REP> d-------- C:\Program Files\Fichiers communs\HP
2007-10-02 21:28 128,334 --a------ C:\WINDOWS\hpoins11.dat
2007-10-02 21:03 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-10-02 21:03 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-10-02 20:58 <REP> d-------- C:\Program Files\HP
2007-09-28 19:49 <REP> d-------- C:\Documents and Settings\User\Application Data\Corel
2007-09-28 19:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2007-09-28 19:33 <REP> d-------- C:\Program Files\Fichiers communs\Corel
2007-09-28 19:30 2,828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-28 19:30 88 -r-hs---- C:\WINDOWS\system32\388A19F7B1.sys
2007-09-28 15:32 <REP> d-------- C:\Program Files\Corel
2007-09-28 15:32 <REP> d-------- C:\Documents and Settings\User\Application Data\InstallShield
2007-09-28 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-27 19:08 212,480 --------- C:\WINDOWS\pcdlib32.dll
2007-09-27 19:07 <REP> d-------- C:\Program Files\Serif
2007-09-27 18:53 <REP> d-------- C:\Program Files\PhotoFiltre Studio
2007-09-27 18:53 45 ---h----- C:\WINDOWS\dsez4950.dat
2007-09-25 18:25 <REP> d-------- C:\Documents and Settings\User\Application Data\Aladdin Systems
2007-09-24 16:10 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2007-09-24 16:07 <REP> d-------- C:\Program Files\Intuwave
2007-09-24 16:06 <REP> d-------- C:\Program Files\Common Files
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 20:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-10-16 09:13 --------- d-----w C:\Program Files\Fichiers communs\Pervasive Software Shared
2007-10-15 16:27 --------- d-----w C:\Program Files\MSN Messenger
2007-10-15 16:23 --------- d-----w C:\Program Files\Windows Live
2007-09-28 16:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-28 15:39 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-09-24 15:16 --------- d-----w C:\Program Files\FileZilla
2007-09-24 14:10 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2007-09-24 14:09 --------- d-----w C:\Program Files\Microsoft LifeCam
2007-09-24 14:08 --------- d-----w C:\Program Files\LimeWire
2007-09-24 14:08 --------- d-----w C:\Program Files\Google
2007-09-24 14:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-09-24 14:07 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-09-24 14:06 --------- d-----w C:\Program Files\Yahoo!
2007-09-24 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-24 14:05 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec
2007-09-24 14:04 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2007-09-24 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(3)
2007-09-24 13:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-14 12:35 --------- d-----w C:\Documents and Settings\User\Application Data\Uniblue
2007-09-13 10:46 --------- d-----w C:\Documents and Settings\User\Application Data\junkcurbaudio
2007-09-09 21:02 --------- d-----w C:\Program Files\fxc
2007-09-09 16:50 --------- d-----w C:\Documents and Settings\User\Application Data\Leadertech
2007-09-05 19:32 --------- d-----w C:\Documents and Settings\User\Application Data\Hewlett-Packard
2007-09-05 19:17 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-09-05 18:47 --------- d-----w C:\Documents and Settings\User\Application Data\Image Zone Express
2007-08-31 11:12 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2007-08-31 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-29 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Loud spam else tool
2007-08-24 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\chic about ping loud
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-12-06 01:38]
"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PCTVOICE"="pctspk.exe" [2002-07-18 16:58 C:\WINDOWS\system32\pctspk.exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 03:48]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-04-27 15:48]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2007-04-27 15:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 21:10]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 14:08]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54]
"VDesktop"="C:\Program Files\PerfectToolsXP2\VDesktop.exe" [2004-11-21 02:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:37]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk
backup=C:\WINDOWS\pss\DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chfbadaha]
c:\windows\system32\chfbadaha.exe chfbadaha
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
S3 AR5513;DWL-G650M Super G MIMO Wireless Notebook Adapter;C:\WINDOWS\system32\DRIVERS\ar5513.sys
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-19 14:04:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
"2007-09-25 15:40:14 C:\WINDOWS\Tasks\WebReg 20070925174013.job"
"2007-09-27 11:08:16 C:\WINDOWS\Tasks\WebReg 20070927130813.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
"2007-09-27 21:19:46 C:\WINDOWS\Tasks\WebReg 20070927231945.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 16:14:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-19 16:17:03 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:10, on 19.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loredana99alvite.skyrock.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [VDesktop] C:\Program Files\PerfectToolsXP2\VDesktop.exe -v
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/NET/Import/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/be/fr/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E09BC8DB-53D9-4160-A544-746CE7BF2AFB}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: bw+0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw+0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwg0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: offline-8876480 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
2007-09-24 14:08 --------- d-----w C:\Program Files\LimeWire
2007-09-24 14:08 --------- d-----w C:\Program Files\Google
2007-09-24 14:08 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-09-24 14:07 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-09-24 14:06 --------- d-----w C:\Program Files\Yahoo!
2007-09-24 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-24 14:05 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec
2007-09-24 14:04 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2007-09-24 14:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(3)
2007-09-24 13:57 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-14 12:35 --------- d-----w C:\Documents and Settings\User\Application Data\Uniblue
2007-09-13 10:46 --------- d-----w C:\Documents and Settings\User\Application Data\junkcurbaudio
2007-09-09 21:02 --------- d-----w C:\Program Files\fxc
2007-09-09 16:50 --------- d-----w C:\Documents and Settings\User\Application Data\Leadertech
2007-09-05 19:32 --------- d-----w C:\Documents and Settings\User\Application Data\Hewlett-Packard
2007-09-05 19:17 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-09-05 18:47 --------- d-----w C:\Documents and Settings\User\Application Data\Image Zone Express
2007-08-31 11:12 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2007-08-31 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-08-29 05:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Loud spam else tool
2007-08-24 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\chic about ping loud
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-12-06 01:38]
"U.S. Robotics Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"PCTVOICE"="pctspk.exe" [2002-07-18 16:58 C:\WINDOWS\system32\pctspk.exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 03:48]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"CAVRID"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" [2007-04-27 15:48]
"CaAvTray"="C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" [2007-04-27 15:48]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 21:10]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 14:08]
"mRouterConfig"="C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54]
"VDesktop"="C:\Program Files\PerfectToolsXP2\VDesktop.exe" [2004-11-21 02:03]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:37]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk
backup=C:\WINDOWS\pss\DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chfbadaha]
c:\windows\system32\chfbadaha.exe chfbadaha
S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
S3 AR5513;DWL-G650M Super G MIMO Wireless Notebook Adapter;C:\WINDOWS\system32\DRIVERS\ar5513.sys
S3 FTLUND;Lundinova Filter Driver;C:\WINDOWS\system32\drivers\ftlund.sys
S3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-19 14:04:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
"2007-09-25 15:40:14 C:\WINDOWS\Tasks\WebReg 20070925174013.job"
"2007-09-27 11:08:16 C:\WINDOWS\Tasks\WebReg 20070927130813.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
"2007-09-27 21:19:46 C:\WINDOWS\Tasks\WebReg 20070927231945.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 16:14:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-19 16:17:03 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:10, on 19.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loredana99alvite.skyrock.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [VDesktop] C:\Program Files\PerfectToolsXP2\VDesktop.exe -v
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/NET/Import/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/be/fr/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E09BC8DB-53D9-4160-A544-746CE7BF2AFB}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: bw+0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw+0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwg0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: offline-8876480 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
green day
19 Oct. 2007 at 17:24
OK,
download this: http://www.malekal.com/download/clean.zip
# Unzip the file to the desktop (right-click / extract all) to get a folder named clean.
# Open the Clean folder on your desktop and double-click clean.cmd.
# A black window will appear; choose option 1. A report will be created at the root of the drive: C:\rapport_clean.txt. Please post it.
See you
lna75
19 Oct. 2007 at 17:33
19.10.2007 a 17:30:59.61
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
*** Recherche des fichiers dans C:\Program Files
C:\PROGRA~1\PERFEC~1\ FOUND
*** Fin du rapport !
So here it is, green day. Thanks
green day
19 Oct. 2007 at 18:25
OK, restart in safe mode, then run option 2 and post the report, please.
See you
lna75
20 Oct. 2007 at 08:32
Hello green day,
Did you have a good start to the weekend? I hope so.
So here is the next part you asked for. And once again, thank you very much.
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 20.10.2007 a 8:14:47.01
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de C:\PROGRA~1\PERFEC~1\
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
See you, thanks
green day
20 Oct. 2007 at 16:25
Hello
A studious weekend! :))
Post a new HijackThis log, and describe how the situation has changed, please.
Have a good weekend ;-)
See you
lna75
20 Oct. 2007 at 16:38
Hi green day!!! Sorry to bother you....
So here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:55, on 20.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.skyrock.com/?connect=1&back_url=https%3A%2F%2Floredana99alvite.skyrock.com%2F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\IE7Pro.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [U.S. Robotics Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program Files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKCU\..\Run: [VDesktop] C:\Program Files\PerfectToolsXP2\VDesktop.exe -v
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/NET/Import/ImageUploader4.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/be/fr/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{E09BC8DB-53D9-4160-A544-746CE7BF2AFB}: NameServer = 195.186.1.111,195.186.4.111
O18 - Protocol: bw+0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw+0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwg0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: offline-8876480 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: U.S. Robotics Wireless LAN Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
green day
Messages posted
26371
Registration date
Friday 30 September 2005
Status
Moderator, Security contributor
Last activity
27 December 2019
2 162
20 Oct. 2007 at 20:26
No problem ;-)
# Disable System Restore
Click the Start button.
Right-click My Computer, then click Properties.
In the System Restore tab: select the option Turn off System Restore or Turn off System Restore on all drives. (Don't forget to re-enable it at the end of the procedure.)
# Relaunch HijackThis: choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom:
(all the O18 entries)
O18 - Protocol: bw+0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw+0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw-0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw00s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw10s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw20s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw30s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw40s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw50s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw60s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw70s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw80s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bw90s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwa0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwb0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwc0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwd0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwe0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwf0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwg0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwh0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwi0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwj0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwk0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwl0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwm0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwn0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwo0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwp0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwq0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwr0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bws0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwt0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwu0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwv0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bww0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwx0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwy0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: bwz0s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
O18 - Protocol: offline-8876480 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)
Then run CCleaner again and tell me whether there has been any improvement.
++
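Added example, not part of the thread or of HijackThis: a small Python triage script that pulls the O18 protocol entries marked "(no file)" out of a saved log, groups them by CLSID, and compares a rescan against the first scan to confirm the fix took. The function names, the line marked as constructed and the rescan sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# One HijackThis O18 line: "O18 - Protocol: <name> - {CLSID} - <file or (no file)>"
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<name>.+?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)

SAMPLE_SCAN = "\n".join([
    # Lines copied from the log in this thread.
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
    "O18 - Protocol: bw+0 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)",
    "O18 - Protocol: bw00s - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)",
    "O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)",
    "O18 - Protocol: offline-8876480 - {5B32A724-D909-4910-A685-252A44F327D3} - (no file)",
    # Constructed line (not from the thread): a handler whose file exists.
    r"O18 - Protocol: example - {00000000-0000-0000-0000-000000000000} - C:\Example\handler.dll",
])

# Constructed second scan (not from the thread): one entry survived the fix.
SAMPLE_RESCAN = "\n".join([
    "O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)",
    r"O18 - Protocol: example - {00000000-0000-0000-0000-000000000000} - C:\Example\handler.dll",
])

def parse_o18(log_text):
    """Return a dict (name, clsid, target) for every O18 line in a log."""
    matches = (O18_RE.match(line.strip()) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def orphaned_by_clsid(log_text):
    """Group O18 entries whose handler file is missing, keyed by CLSID."""
    groups = defaultdict(list)
    for entry in parse_o18(log_text):
        if entry["target"].strip().lower() == "(no file)":
            groups[entry["clsid"].upper()].append(entry["name"])
    return dict(groups)

def still_present(before, after):
    """Names of orphaned O18 entries from `before` that the rescan still lists."""
    first = {n for names in orphaned_by_clsid(before).values() for n in names}
    second = {n for names in orphaned_by_clsid(after).values() for n in names}
    return sorted(first & second)

if __name__ == "__main__":
    for clsid, names in orphaned_by_clsid(SAMPLE_SCAN).items():
        print(clsid, len(names), "entries:", ", ".join(names))
    print("left after fix:", still_present(SAMPLE_SCAN, SAMPLE_RESCAN))
```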