"did" windows

Solved
thierry54 Posts 38 Status Member -  
FillPCA Posts 2264 Status Security contributor -
Hello,
after several manipulations that I was advised to do to remove the cid or Internet Explorer windows that pollute my screen,
well, they are still there.
Can you help me solve my problem?
Thanks in advance

22 replies

FillPCA Posts 2264 Status Security contributor 123
 
Hello,

Can you post a HijackThis report?

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Picture demo
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Run a scan and post the analysis.

FillPCA
0
thierry54 Posts 38 Status Member 4
 
Hello,
thanks for your help

Here is my report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:57, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\program files\fichiers communs\installshield\updateservice\issch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe
c:\Program Files\Sonic\MyDVD\MyDVD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 69.57.152.127 auto.search.msn.com
O1 - Hosts: 69.57.152.127 auto.search.msn.es
O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
FillPCA Posts 2264 Status Security contributor 123
 
Re,

Thanks to Lazzzy

* Download lopxpMH: http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
* Unzip it with a right-click and extract it to the desktop.
* Post the generated report.

FillPCA
0
thierry54 Posts 38 Status Member 4
 
Re

Here is what it gave me.
Is this what you need?

Rapport lopxpMH2 version 2.0 fait à 16:26:42,70 le 28/10/2007
C:\Documents and Settings\HP_Administrateur\Bureau\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Administrateur\Application Data

06/04/2007 07:24 <REP> .
06/04/2007 07:24 <REP> ..
15/11/2005 03:22 <REP> Identities
15/11/2005 03:22 <REP> Microsoft
02/01/2006 08:46 <REP> Real
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
5 Rép(s) 230 998 962 176 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

15/11/2005 03:22 <REP> .
15/11/2005 03:22 <REP> ..
02/01/2006 08:25 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
02/01/2006 08:18 <REP> ApplicationHistory
15/11/2005 03:22 <REP> Microsoft
02/01/2006 08:18 137 fusioncache.dat
02/01/2006 08:54 2 003 318 IconCache.db
2 fichier(s) 2 003 455 octets
5 Rép(s) 230 998 634 496 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\All Users\Application Data

06/04/2007 07:24 <REP> .
06/04/2007 07:24 <REP> ..
11/04/2007 17:38 <REP> Adobe
14/06/2007 21:07 <REP> Ahead
06/04/2007 16:23 <REP> browse peak mess bore
02/01/2006 08:49 <REP> CyberLink
25/05/2007 08:33 <REP> Elaborate Bytes
11/04/2007 13:25 <REP> Google
27/10/2007 11:58 <REP> Grisoft
02/01/2006 09:20 <REP> Hewlett-Packard
02/01/2006 08:48 <REP> InstallShield
06/04/2007 16:03 <REP> MediaLife
15/11/2005 03:23 <REP> Microsoft
06/04/2007 20:23 <REP> Microsoft Help
28/08/2007 20:24 <REP> Nero
07/04/2007 14:39 <REP> NFS Underground
14/09/2007 10:28 <REP> part dead amok eggs
06/04/2007 20:44 <REP> QuickTime
02/01/2006 08:23 <REP> SBSI
26/04/2007 10:12 <REP> ScanSoft
25/05/2007 08:21 <REP> SlySoft
02/01/2006 08:43 <REP> Sonic
27/06/2007 16:28 <REP> Spybot - Search & Destroy
08/04/2007 10:10 <REP> SSScanAppDataDir
08/04/2007 10:10 <REP> SSScanWizard
02/01/2006 09:12 <REP> Symantec
05/05/2007 11:50 <REP> TEMP
03/05/2007 16:26 <REP> TuneUp Software
06/04/2007 15:49 <REP> Windows Genuine Advantage
06/04/2007 17:25 <REP> Windows Live Toolbar
25/05/2007 08:21 125 .zreglib
10/10/2005 14:24 62 desktop.ini
02/01/2006 08:42 2 427 hpzinstall.log
3 fichier(s) 2 614 octets
30 Rép(s) 230 998 372 352 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Default User\Application Data

06/04/2007 07:25 <REP> .
06/04/2007 07:25 <REP> ..
15/11/2005 03:23 <REP> Identities
15/11/2005 03:23 <REP> Microsoft
05/04/2007 23:40 <REP> Real
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
5 Rép(s) 230 997 979 136 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

15/11/2005 03:23 <REP> .
15/11/2005 03:23 <REP> ..
05/04/2007 23:40 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
05/04/2007 23:40 <REP> ApplicationHistory
15/11/2005 03:23 <REP> Microsoft
05/04/2007 23:40 137 fusioncache.dat
05/04/2007 23:40 2 003 318 IconCache.db
2 fichier(s) 2 003 455 octets
5 Rép(s) 230 997 504 000 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\HP_Administrateur\Application Data

05/04/2007 23:41 <REP> .
05/04/2007 23:41 <REP> ..
29/08/2007 20:41 <REP> .BitTornado
11/04/2007 17:45 <REP> Adobe
11/04/2007 16:56 <REP> Ahead
15/09/2007 16:45 <REP> ArcSoft
31/05/2007 19:06 <REP> Azureus
17/10/2007 18:31 <REP> BitTorrent
20/09/2007 20:34 <REP> Camfrog
08/04/2007 10:37 <REP> Canon
13/06/2007 19:41 <REP> CyberLink
26/09/2007 08:16 <REP> DonationCoder
06/04/2007 16:22 <REP> For Exit List
11/04/2007 13:29 <REP> Google
06/07/2007 10:05 <REP> Help
06/04/2007 00:03 <REP> HP
06/04/2007 16:06 <REP> HPQ
05/04/2007 23:41 <REP> Identities
06/04/2007 20:42 <REP> Image Zone Express
05/08/2007 11:35 <REP> InstallShield
16/05/2007 13:21 <REP> kctmon
18/06/2007 22:08 <REP> Lavasoft
14/04/2007 14:45 <REP> Leadertech
06/04/2007 16:03 <REP> Logitech
06/04/2007 16:08 <REP> Macromedia
06/04/2007 19:25 <REP> MediaLife
05/04/2007 23:41 <REP> Microsoft
23/05/2007 21:43 <REP> Nero
06/04/2007 20:45 <REP> Nikon
05/08/2007 11:37 <REP> Panasonic
02/09/2007 20:07 <REP> Printer Info Cache
05/04/2007 23:41 <REP> Real
08/04/2007 10:10 <REP> ScanSoft
25/05/2007 08:22 <REP> SlySoft
14/04/2007 14:45 <REP> Sonic
11/04/2007 18:53 <REP> Sun
03/05/2007 16:27 <REP> TuneUp Software
10/08/2007 10:53 <REP> vlc
11/04/2007 14:08 <REP> Windows Desktop Search
10/07/2007 19:13 <REP> ???????sAppData
05/04/2007 23:42 62 desktop.ini
18/09/2007 19:36 187 G-Force Prefs (WindowsMediaPlayer).txt
2 fichier(s) 249 octets
40 Rép(s) 230 997 504 000 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data

05/04/2007 23:41 <REP> .
05/04/2007 23:41 <REP> ..
05/04/2007 23:41 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
11/04/2007 17:38 <REP> Adobe
11/04/2007 17:00 <REP> Ahead
05/04/2007 23:41 <REP> ApplicationHistory
13/06/2007 19:41 <REP> DVDPlay
11/04/2007 13:29 <REP> Google
06/07/2007 10:05 <REP> Help
06/04/2007 00:03 <REP> HP
11/04/2007 14:08 <REP> Identities
06/04/2007 00:03 <REP> IsolatedStorage
06/04/2007 16:03 <REP> MediaLife
05/04/2007 23:41 <REP> Microsoft
06/04/2007 20:23 <REP> Microsoft Help
23/05/2007 21:33 <REP> MicroVision Applications
12/04/2007 09:11 <REP> PCHealth
16/09/2007 09:11 <REP> Pixology
06/04/2007 00:01 33 792 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
26/09/2007 08:16 58 DonationCoder_ScreenshotCaptor_InstallInfo.dat
05/04/2007 23:42 140 fusioncache.dat
06/04/2007 00:03 112 464 GDIPFONTCACHEV1.DAT
05/04/2007 23:42 2 643 914 IconCache.db
5 fichier(s) 2 790 368 octets
18 Rép(s) 230 997 368 832 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\LocalService\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 230 997 106 688 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
12/04/2007 20:11 <REP> Adobe
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 230 997 106 688 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\NetworkService\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 230 996 910 080 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

02/01/2006 08:13 <REP> .
02/01/2006 08:13 <REP> ..
02/01/2006 08:13 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 230 996 844 544 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

06/04/2007 07:20 <REP> .
06/04/2007 07:20 <REP> ..
15/11/2005 03:59 <REP> Identities
15/11/2005 03:59 <REP> Microsoft
05/04/2007 23:40 <REP> Real
05/04/2007 23:40 <REP> Symantec
10/10/2005 14:24 62 desktop.ini
1 fichier(s) 62 octets
6 Rép(s) 230 996 713 472 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

15/11/2005 03:59 <REP> .
15/11/2005 03:59 <REP> ..
05/04/2007 23:40 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150060}
05/04/2007 23:40 <REP> ApplicationHistory
15/11/2005 03:59 <REP> Microsoft
05/04/2007 23:40 137 fusioncache.dat
05/04/2007 23:40 2 003 318 IconCache.db
2 fichier(s) 2 003 455 octets
5 Rép(s) 230 996 164 608 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

C:\WINDOWS\Tasks\Maintenance
Maintenance inexploitable

C:\WINDOWS\Tasks\Vérifier
Vérifier inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\Program Files

28/10/2007 12:08 <REP> .
28/10/2007 12:08 <REP> ..
06/04/2007 21:06 <REP> 3Planesoft Screensaver Manager
25/04/2007 22:00 <REP> 7-Zip
12/08/2007 16:54 <REP> Activision Value
08/06/2007 08:54 <REP> Adobe
06/04/2007 20:43 <REP> ArcSoft
28/10/2007 12:10 <REP> BitComet
20/04/2007 19:47 <REP> Bright Bug Software
03/10/2007 13:31 <REP> Canon
12/08/2007 16:25 <REP> CENEGA
15/09/2007 21:38 <REP> Codemasters
06/04/2007 16:03 <REP> CyberLink
21/09/2007 19:04 <REP> Digital Photo Recovery
02/01/2006 08:53 <REP> DivX
10/04/2007 16:16 <REP> EA GAMES
22/06/2007 07:41 <REP> Elaborate Bytes
26/10/2007 09:28 <REP> ESET
15/09/2007 16:39 <REP> Fichiers communs
25/10/2007 19:43 <REP> GemMasterFrench
24/09/2007 09:50 <REP> Google
02/01/2006 09:06 <REP> Hewlett-Packard
11/04/2007 14:29 <REP> HP
02/01/2006 08:47 <REP> HP DigitalMedia Archive
06/04/2007 20:56 <REP> iColorFolder
12/08/2007 16:38 <REP> Interactive Vision
10/10/2007 02:13 <REP> Internet Explorer
12/05/2007 11:53 <REP> IrfanView
05/10/2007 16:34 <REP> Java
10/07/2007 20:04 <REP> Lavasoft
15/09/2007 16:37 <REP> Logitech
02/01/2006 08:39 <REP> MainConcept
06/04/2007 21:33 <REP> Messenger
02/10/2007 15:51 <REP> Mgutil
05/05/2007 11:50 <REP> Micro Application
10/05/2007 08:38 <REP> Microsoft CAPICOM 2.1.0.2
15/11/2005 03:24 <REP> microsoft frontpage
26/04/2007 21:09 <REP> Microsoft Office
26/04/2007 21:08 <REP> Microsoft Visual Studio
26/04/2007 21:09 <REP> Microsoft Works
26/04/2007 21:08 <REP> Microsoft.NET
11/10/2007 20:00 <REP> MotoGP2
25/10/2007 20:46 <REP> Movie Collection
15/11/2005 03:24 <REP> Movie Maker
26/04/2007 21:09 <REP> MSBuild
04/07/2007 19:43 <REP> MSN
15/11/2005 03:25 <REP> MSN Gaming Zone
28/10/2007 11:58 <REP> MSN Messenger
06/04/2007 00:12 <REP> MSXML 4.0
02/01/2006 08:52 <REP> muvee Technologies
11/04/2007 16:54 <REP> Nero
15/11/2005 03:25 <REP> NetMeeting
10/08/2007 10:49 <REP> Neuf
06/04/2007 20:45 <REP> Nikon
15/11/2005 03:25 <REP> Online Services
13/06/2007 18:08 <REP> Outlook Express
05/08/2007 11:36 <REP> Panasonic
10/10/2007 10:51 <REP> PC-Doctor 5 for Windows
15/09/2007 16:38 <REP> Philips
27/08/2007 21:40 <REP> Picasa2
12/04/2007 11:21 <REP> PowerpointImageExtractor_V1_2
10/04/2007 20:19 <REP> Prolific Publishing, Inc
06/04/2007 20:44 <REP> QuickTime
02/01/2006 08:46 <REP> Real
08/04/2007 10:10 <REP> ScanSoft
10/04/2007 20:23 <REP> SereneScreen
02/01/2006 09:08 <REP> Services en ligne
25/05/2007 08:18 <REP> SlySoft
02/01/2006 08:48 <REP> Sonic
27/08/2007 21:30 <REP> Spybot - Search & Destroy
06/04/2007 21:06 <REP> The Lost Watch 3D Screensaver
16/10/2007 19:44 <REP> TuneUp Utilities 2007
04/09/2007 14:33 <REP> Ubisoft
06/04/2007 20:57 <REP> VisualTaskTips
11/04/2007 14:05 <REP> Windows Desktop Search
01/06/2007 11:00 <REP> Windows Live Toolbar
19/04/2007 21:07 <REP> Windows Media Connect 2
18/09/2007 19:43 <REP> Windows Media Player
15/11/2005 03:25 <REP> Windows NT
15/11/2005 03:25 <REP> Windows Plus
11/07/2007 20:02 <REP> WinRAR
12/04/2007 18:52 <REP> WinZip
15/11/2005 03:26 <REP> xerox
22/09/2007 11:57 <REP> Yahoo!
0 fichier(s) 0 octets
84 Rép(s) 230 994 378 752 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ https://actus.sfr.fr

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Copykeep REG_SZ C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 4484-CD23

Répertoire de C:\WINDOWS

16/11/2004 14:27 7 677 The Lost Watch 3D Screensaver.html
1 fichier(s) 7 677 octets
0 Rép(s) 230 986 592 256 octets libres

*************** Fin du rapport ****************
0

FillPCA Posts 2264 Status Security contributor 123

Hi again,

1/
* Print this.
* Download Brute Force Uninstaller (by Merijn): http://www.merijn.org/files/bfu.zip
* Create a new folder directly on C:\ and name it BFU.
* Extract the downloaded file into this new folder with a right-click (Extract to... C:\BFU).
* Open Windows Notepad.
* Copy and paste these lines into the Notepad window:

OptionUnloadShell

Processkill \scrprocshow.exe|1

RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Copykeep

FolderDelete %ALLUSERSAPPDATA%\browse peak mess bore
FolderDelete %ALLUSERSAPPDATA%\part dead amok eggs
FolderDelete %APPDATA%\For Exit List

SystemEmptyTempFolder
SystemEmptyInternetCache
SystemEmptyRecycleBin


* Save the file on the desktop as fix.txt
* Right-click this file, choose Rename and, in the box, enter the name fix.BFU.
* Move it into the same folder as Brute Force Uninstaller, that is, c:\BFU
* You should now have two files in the C:\BFU folder: fix.bfu and BFU.exe (very important).
* Restart in Safe Mode: at restart, immediately tap the F8 key (or F5); you will see a screen with startup choices appear. Using the keyboard arrows, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.
* Start "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder).
* Click the small yellow folder to the right of the Scriptline to execute box, and double-click fix.bfu.
* In the "Scriptline to execute" box, you should now see this: C:\BFU\fix.bfu
* Click Execute and let it do its work.
* Wait for Complete script execution to appear and click OK.
* Click Exit to close the BFU program.
* Restart your PC normally.

2/ * Download RHosts to your desktop (thanks to S!ri), available here: http://siri.urz.free.fr/Softs/RHosts.exe
* Double-click Rhosts.exe and click "restaurer" (Restore).

Also post a new HijackThis report.

FillPCA
0
thierry54 Posts 38 Status Member 4

Hi again

I got as far as Safe Mode, but as soon as I confirm Safe Mode I get a black screen and then there is no way to go any further.
Is there another solution?
Thanks
0
thierry54 Posts 38 Status Member 4

Here is a new report, but I don't know whether it changed anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:48, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\program files\fichiers communs\installshield\updateservice\issch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\tools\CometBrowser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8FE7E0A6-C4BA-43D0-8792-3D296C01D2C0} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
FillPCA Posts 2264 Status Security contributor 123

Good evening,

1/ Open HijackThis > "Do a scan only" and tick these:
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\fichiers communs\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe
All the O18 lines


2/ * Download OTMoveIt (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program's "Paste List Of Files/Folders to be moved" window:

C:\Documents and Settings\All Users\Application Data\browse peak mess bore
C:\Documents and Settings\All Users\Application Data\part dead amok eggs
C:\Documents and Settings\HP_Administrateur\Application Data\For Exit List


* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3: * Télécharge sur ton bureau RHosts (Merci à S!ri) disponible ici : http://siri.urz.free.fr/Softs/RHosts.exe
* Double-clique sur Rhosts.exe et clique sur "restaurer".

4/ Edite le rapport OTMOVeIt et un nouveau rapport Hijackthis.

FillPCA
0
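An added example, not part of the original post: one way to triage O4 autorun lines like those ticked in step 1, by parsing each entry and recording where its executable lives. The location categories, the rule that flags per-user Application Data and Temp paths, and all function names are assumptions of this example, not HijackThis features or the helper's stated method.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [Copykeep] C:\DOCUME~1\HP_ADM~1\APPLIC~1\FOREXI~1\scrprocshow.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
'''


class Autorun(NamedTuple):
    hive: str      # HKLM, HKCU or HKUS\<SID>
    key: str       # Run, RunOnce, ...
    name: str      # value name shown between [ ]
    image: str     # executable the entry launches
    location: str  # "temp", "appdata", "bare-name" or "installed"


# "O4 - <hive>\..\<key>: [<name>] <command line>"
O4_REGISTRY = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>.*?)\] (?P<cmd>.+)$"
)
QUOTED = re.compile(r'^"([^"]+)"')
# Unquoted paths may contain spaces, so cut at the first executable extension.
UNQUOTED = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)

# Long and 8.3 short forms of the Windows XP profile directories.
PROFILE_ROOT = re.compile(r"^(documents and settings|docume~\d+)$", re.I)
APPDATA = re.compile(r"^(application data|applic~\d+)$", re.I)
TEMP = re.compile(r"^(temp|tmp)$", re.I)


def extract_image(cmd: str) -> str:
    """Return the program part of a Run-key command line, without arguments."""
    m = QUOTED.match(cmd) or UNQUOTED.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def classify(image: str) -> str:
    """Coarse location of the executable (assumed categories for triage)."""
    parts = image.split("\\")
    if len(parts) == 1:
        return "bare-name"            # resolved through the search path
    dirs = parts[1:-1]
    if any(TEMP.match(d) for d in dirs):
        return "temp"
    if dirs and PROFILE_ROOT.match(dirs[0]) and any(APPDATA.match(d) for d in dirs):
        return "appdata"
    return "installed"


def parse_o4(line: str) -> Optional[Autorun]:
    m = O4_REGISTRY.match(line.strip())
    if not m:
        return None                   # not an O4 registry autorun line
    image = extract_image(m.group("cmd"))
    return Autorun(m.group("hive"), m.group("key"), m.group("name"),
                   image, classify(image))


def triage(log_text: str) -> List[Autorun]:
    """All O4 registry autoruns found in a HijackThis log."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e]


def suspicious(log_text: str) -> List[Autorun]:
    """Autoruns that start from a per-user Application Data or Temp directory."""
    return [e for e in triage(log_text) if e.location in ("temp", "appdata")]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        flag = "REVIEW" if entry.location in ("temp", "appdata") else "      "
        print(f"{flag} {entry.hive}\\{entry.key} [{entry.name}] "
              f"{entry.location}: {entry.image}")
```

A flagged entry is only a candidate for review: the location says where the program starts from, not what it does.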
thierry54 Posts 38 Status Member 4

Good evening,
here is the 1st report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:05, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
FillPCA Posts 2264 Status Security contributor 123

Re,

1/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o show hidden files and folders,
o untick "Hide extensions for known file types",
o untick "Hide protected operating system files (Recommended)".

* "Apply" and "OK"

2/ * Can you test this: C:\Program Files\RKFree\rkfree.exe
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and give the path of the file I indicated.
* Click Send. After a few minutes, a report is generated. Post it in your next reply.

Post this report and tell me whether you still get ads.

FillPCA
0
thierry54 Posts 38 Status Member 4

here is what it gave me
I find it was very quick, and is that what you were expecting

0 bytes size received / Se ha recibido un archivo vacio
0
FillPCA Posts 2264 Status Security contributor 123

Re,

Can you try again with this address: http://virusscan.jotti.org/fr/

FillPCA
0
thierry54 Posts 38 Status Member 4

re

same thing, I think

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

I surfed a bit and no ads for the moment
fingers crossed
0
FillPCA Posts 2264 Status Security contributor 123

Re,

Do you know this program called RKfree?

1/ Download Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Open Ccleaner and click "Run the cleaning".

2/ Download AVGantispyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (on the toolbar).
Then, on the "How to react" tab, click "Recommended actions". Select "Quarantine".
Go back to the Scan tab. Click "Full system scan".
At the end of the scan, choose the "Apply all actions" option at the bottom.
Then click "Save the report". This generates a text-file report, which is located in the Reports folder of the AVG Anti-Spyware folder.

3/ * Run an online scan by clicking here: http://assiste.com.free.fr/...
* Choose Kaspersky.
* You must run the scan using Internet Explorer. A notice appears at the top, near the status bar. You must accept and install the ActiveX control offered. The antivirus update then starts.
* Run a full system scan.
* Save the report as text when the scan finishes.

4/ Post the AVGantispyware report, the Kaspersky report and a new HijackThis report.

FillPCA
0
thierry54 Posts 38 Status Member 4

hello

as for the first question you asked, the program has been removed; it is called revealver keylogger, a keyboard monitor
as for the rest, sorry for only replying now, but the scans take a long time and I have just got back from work
here are my two reports as you asked


---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 05:14:13 29/10/2007

+ Résultat de l'analyse:



Rien à signaler.



Fin du rapport





-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 29, 2007 1:28:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/10/2007
Kaspersky Anti-Virus database records: 447912
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 216204
Number of viruses found: 5
Number of infected objects: 137
Number of suspicious objects: 0
Duration of the scan process: 05:01:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.19.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.19.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy21.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_9e8.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_1149553955_3735552_87701 Object is locked skipped
C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\MSDVRMM_1149553955_4849664_87704 Object is locked skipped
C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE4.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{0302AD6A-7B9D-4378-9398-7F4AFABEC71D}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\{51F95F2E-5A6B-4EB9-9544-643441E04ACA}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\Templates\NormalEmail.dotm Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds\Flux RSS 01net~\01net - Nouveautés Téléchargerments~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds\Flux RSS 01net~\01net~d Actualités produits~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds\Flux RSS 01net~\01net~d Actualités~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds\Flux RSS 01net~\01net~d Actus PodCast~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds\Flux RSS 01net~\01net~d Entreprise~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds\Flux RSS 01net~\01net~d Tests produits~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds\Flux RSS 01net~\01net~d Top Téléchargements~.feed-ms Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Outlook\~archive.pst.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Outlook\~Outlook.pst.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\MSHist012007102820071029\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\MSHist012007102920071030\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\Perflib_Perfdata_1f4.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\sta173B.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\sta2BF.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\sta415D.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\sta4160.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\sta7AF.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB799.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB7B5.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB82B.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB88A.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB94D.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB966.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB9B1.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB9C4.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFB9EC.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFBA49.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFBACB.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFBB15.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFBBAB.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFBBB8.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFC4C9.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFE0BE.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DFE0CB.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.Word\~WRS{6903F0C3-E9CB-445B-AD7C-22595985E34B}.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.Word\~WRS{A33F550D-48B0-4096-9940-9D7B2F0E2E95}.tmp Object is locked skipped
C:\Documents and Settings\HP_Administrateur\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Administrateur\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\CSI Miami 5x21 [HDTV-DVB] [www.torrentspain.com].avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x01 - Une Mort Étoufée.avi.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x02 - Victime Sans Coupable.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x03 - Regression Mortelle.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x04 - Un tyran dans les rangs.AVI.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x05 - Permis de demolir.AVI.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x06 - Faux coupable.AVI.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x07 - A Livre Ouvert.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x08 - Le charme secret du fetichisme.AVI.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x09 - Droles De Braqueuses.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x10 - Faux Semblants.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x11 - C'est Pas Moi, C'Est Elle.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 1ere partie\Les Experts 2x12 - Des fleurs mortes.AVI.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x13 - Le juge etait presque parfait.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x14 - Un doigt de verite.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x15 - Ecran de fumee.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x17 - Le troisieme oeil.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x18 - La roue du destin.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x19 - Service a domicile.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x20 -De si jolis chatons.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x21 - La place du mort.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x22 - La mort dans tous ses etats.avi.bc! Object is locked skipped
C:\Downloads\Les experts Las Vegas S2 2eme partie\Les Experts 2x23 - Soeurs Ennemies.avi.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]01 - Jin Go La Ba.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]02 - Evil Ways.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]03 - Soul Sacrifice.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]04 - Black Magic Woman.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]05 - Oye Como Va.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]06 - Se A Cabo.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]07 - Samba Pa Ti.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]08 - Everybody's Everything.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]09 - No One To Depend On.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]10 - Guajira.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]11 - Para Los Rumberos.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]12 - La Fuente Del Ritmo.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]13 - Song Of The Wind.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]14 - Love, Devotion & Surrender.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]15 - Mirage.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]16 - Europa.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]17 - Dance Sister Dance.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]18 - Carnaval.flac.bc! Object is locked skipped
C:\Downloads\Santana - The Ultimate Collection [Disc 1](FLAC)(EAC )(CUE)(LOG)(oan)\Santana\The Ultimate Collection [Disc 1]19 - Let The Children Play.flac.bc! Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Fichiers communs\SPC500NC\Mionet\install.exe/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Fichiers communs\SPC500NC\Mionet\install.exe CreateInstall: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP149\A0040105.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP149\A0040106.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP149\A0040107.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP184\A0043901.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP184\A0043903.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP188\A0047134.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP203\A0050460.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP203\A0050461.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP203\A0050462.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP203\A0050463.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP203\A0050464.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP204\A0050475.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP204\A0050486.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP205\A0050507.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP205\A0050553.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP206\A0050562.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP206\A0050575.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP206\A0050590.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP206\A0050591.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP206\A0050593.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP207\A0050606.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP207\A0050738.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP207\A0050780.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP208\A0050783.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP208\A0050818.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP208\A0050819.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP208\A0050820.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP208\A0050821.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP208\A0050822.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP208\A0050823.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0050826.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP209\A0050827.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP210\A0050844.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP210\A0050862.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP210\A0050875.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP211\A0050892.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP211\A0051874.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP211\A0051887.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP212\A0052008.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP212\A0052009.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP212\A0052010.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP212\A0052011.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP212\A0052012.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP212\A0052016.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP212\A0052048.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP213\A0052077.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP213\A0052094.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP214\A0052113.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP215\A0052210.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP215\A0052216.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP215\A0052246.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP215\A0052257.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP215\A0052275.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052280.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052295.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052357.exe/Ofb1.exe Infected: not-a-virus:AdWare.Win32.BHO.ee skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052357.exe/OFoxInstaller_s.exe Infected: not-a-virus:AdWare.Win32.BHO.ee skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052357.exe InstallCreator: infected - 2 skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052357.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052358.exe/Ofb1.exe Infected: not-a-virus:AdWare.Win32.BHO.ee skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052358.exe/OFoxInstaller_s.exe Infected: not-a-virus:AdWare.Win32.BHO.ee skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052358.exe InstallCreator: infected - 2 skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052358.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052359.exe/Ofb1.exe Infected: not-a-virus:AdWare.Win32.BHO.ee skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052359.exe/OFoxInstaller_s.exe Infected: not-a-virus:AdWare.Win32.BHO.ee skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052359.exe InstallCreator: infected - 2 skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052359.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP216\A0052396.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP217\A0052555.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP217\A0052559.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP218\A0052619.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP219\A0052623.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP219\A0052636.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP219\A0052672.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP220\A0052675.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP220\A0052693.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP221\A0052721.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP221\A0052731.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP221\A0052743.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP221\A0052786.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP221\A0052791.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP221\A0052820.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP222\A0052841.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP222\A0052903.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP222\A0052947.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP223\A0052958.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP223\A0052961.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP223\A0052999.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP224\A0053005.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP225\A0053057.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP226\A0053106.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP226\A0053119.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP227\A0053125.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP227\A0053137.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP227\A0053149.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP227\A0053162.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP227\A0053165.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP228\A0053245.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP228\A0053247.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP229\A0053259.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP229\A0053277.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP229\A0053299.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP229\A0053305.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP230\A0053429.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP230\A0053458.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP230\A0053466.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP231\A0053514.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP231\A0053543.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP232\A0053598.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP232\A0053611.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP232\A0053674.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP232\A0053691.exe Infected: not-a-virus:Monitor.Win32.RevealerKeylogger.a skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP232\A0053729.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP232\A0053889.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP233\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{3AC9399F-1C14-41B2-8C62-8C30A4CA0547}.crmlog Object is locked skipped
C:\WINDOWS\SCE7596E5.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{401BB23A-E471-4C1B-9232-4ACB52282B6B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\The Lost Watch.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_934.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\browse peak mess bore\GramBore.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\browse peak mess bore\option01.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\part dead amok eggs\gram start.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Application Data\part dead amok eggs\mfcd new.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\19615.del Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\ckmksgxm.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\cliawzjf.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\Extra seek readme.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\osxbcjdc.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\Platform dash new inside.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\plvlrwqq.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\pxbijpbr.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\scrprocshow.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\HP_Administrateur\Application Data\For Exit List\wnwftglt.exe Infected: Trojan.Win32.Obfuscated.en skipped
D:\A CLASSER\Nero-7.8.5.0 eng\Nero-7.8.5.0 eng.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\A CLASSER\Nero-7.8.5.0 eng\Nero-7.8.5.0 eng.exe RAR: infected - 1 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
thierry54 Posts 38 Status Member 4
 
And here is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:52, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [rkfree] "C:\Program Files\RKFree\rkfree.exe" /b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
0
FillPCA Posts 2264 Status Security contributor 123
 
Hello,

I can't recommend strongly enough that you get rid of this kind of software. You're playing with fire...

1/ * Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program's "Paste List Of Files/Folders to be moved" window:

C:\Program Files\Fichiers communs\SPC500NC\Mionet\install.exe
D:\A CLASSER\Nero-7.8.5.0 eng\Nero-7.8.5.0 eng.exe


* Click MoveIt! to start the removal,
* The result will appear in the Results pane.
* Click Exit to close the program.
* Post the report, which is located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

2/ You need to disable and then re-enable System Restore. To do this, right-click "My Computer". In the "System Restore" tab, tick the "Turn off System Restore" box. Click Apply > OK.
Untick this box, click Apply > OK, and restart the PC.

3/ Do you still have problems? If not, we move on to the last step.

FillPCA
0
thierry54 Posts 38 Status Member 4
 
Here is the report

C:\Program Files\Fichiers communs\SPC500NC\Mionet\install.exe moved successfully.
D:\A CLASSER\Nero-7.8.5.0 eng\Nero-7.8.5.0 eng.exe moved successfully.

Created on 10/29/2007 14:24:44

I'm restarting and I'll be back.
No more problems so far.
0
FillPCA Posts 2264 Status Security contributor 123
 
Hi again,

* Launch OTmoveIT.
* Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).

NOTE: Normally, your firewall should ask you whether OTmoveIT may access the internet. Allow it.

* A list appears in the left-hand part of OTmoveIT.
* A message appears to confirm the cleanup. Confirm.
* Infected files held in the quarantines will be deleted as well.

Empty your recycle bin.

I recommend strengthening your machine's protection, in particular by installing a firewall. See here:
http://perso.orange.fr/Le-site-de-Fill/S%E9curit%E9/Logiciels%20de%20protection.html

If you have no more problems, you can mark your thread as resolved.

FillPCA
0
thierry54 Posts 38 Status Member 4
 
Hi again,
I restarted and there are no more problems.

All the small programs we used, do I keep them or throw them away?

And as for everything to do with hidden files, can I put it back the way it was?

Thanks
0
FillPCA Posts 2264 Status Security contributor 123
 
Hi again,

Keep Ccleaner and AVGantispyware. The others should be removed.

You can hide the files again.

FillPCA
0