Virus
Closed
titish02
-
16 Jan 2008 at 19:46
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 - 25 Jan 2008 at 18:22
37 replies
green day
Posts
26371
Registration date
Friday 30 September 2005
Status
Moderator, Security contributor
Last activity
27 December 2019
2 162
16 Jan 2008 at 19:52
Hi
Download this:
Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile", and copy/paste the resulting report onto the forum.
++
hugnix
Posts
119
Registration date
Saturday 9 June 2007
Status
Member
Last activity
27 April 2009
16 Jan 2008 at 19:54
The first solution would be to use an antivirus when you go on the net :) If you have one, run a scan with it and delete what it found, then go to www.secuser.com, it will surely find others for you, then use this http://www.commentcamarche.net/telecharger/telecharger 83 ad aware 2007 free and then this http://www.commentcamarche.net/telecharger/telecharger 122 spybot .
If you still have problems, run a scan with hijackthis and post the log here, the more knowledgeable members will be able to help you!
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:00:50, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [1 mags 16 more] C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\audio ace.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Browse wma] C:\DOCUME~1\COMPAQ~1\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 - 16 Jan. 2008 at 21:07
OK,
Download this (by Moe):
http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe
Double-click Lopxpsetup.exe to start the installation.
In the menu, choose option 1.
Wait until you are asked to press a key, then press one!
A report will then be created; copy and paste it in full on the forum.
++
Here it is
Rapport Lopxp fait le 16/01/2008 à 21:35:54
Exécuté dans : C:\Program Files\Lopxp
Killing 'iexplore.exe'
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" (1876)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" (2528)
"C:\Program Files\Internet Explorer\iexplore.exe" (5972)
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\8B2C8CAD93872489.job
Crée le : 15/01/2008 à 17:36
Fichier exécuté => c:\docume~1\kylie\applic~1\liesit~1\byte stupid intra.exe
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
09/01/2008 07:03:06 ... ADMINI~1 --= Admin Inter 1 Mags
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
18/12/2007 21:23:30 ... LIESIT~1 --= Lies Itch Roam
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 19:30:03 ... Adverts ---= Adverts
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
18/12/2007 21:22:33 ... CIRCLE~1 --= Circle Developement
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
15/01/2008 17:35:04 ... LIESIT~1 --= Lies Itch Roam
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1 mags 16 more"="C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags\audio ace.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browse wma"="C:\DOCUME~1\COMPAQ~1\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe"
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
C:\Documents and Settings\kylie\Application Data\Lies Itch Roam
C:\Program Files\Lies Itch Roam
C:\Program Files\Adverts
C:\Program Files\Circle Developement
+- Tâches planifiées suspectes :
C:\WINDOWS\tasks\8B2C8CAD93872489.job
+- Registre:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"1 mags 16 more"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Browse wma"=-
- Fin du rapport -
green day Posts 26371 Registration date Friday 30 September 2005 Status Moderator, Security contributor Last activity 27 December 2019 - 16 Jan. 2008 at 22:00
Very good:
Go to Start > Run, then copy and paste:
"%programfiles%\Lopxp\Lopxp.bat" /Fixme <= including the quotation marks
then confirm, and post the report please, with a new hijack
@+
Hi, here is the report, but I didn't understand the new hijack, what is it? Do I have to make another report with hijack?
Rapport Lopxp fait le 17/01/2008 à 17:21:20
Exécuté dans : C:\Program Files\Lopxp
___________________________________________________________________________
=> Fixme :
+- Tâches planifiées :
Supprimé : C:\WINDOWS\tasks\8B2C8CAD93872489.job
+- Dossiers :
Supprimé : C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
Supprimé : C:\Documents and Settings\kylie\Application Data\Lies Itch Roam
Supprimé : C:\Program Files\Lies Itch Roam
Supprimé : C:\Program Files\Adverts
Supprimé : C:\Program Files\Circle Developement
+- Registre :
Nettoyage effectué.
+- Fichiers temporaires :
Nettoyage effectué.
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
17/01/2008 16:52:56 ... Grisoft ---= Grisoft
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
17/01/2008 16:45:59 ... Grisoft ---= Grisoft
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
- Fin du rapport -
Here it is, in case another hijack report was needed
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:36:26, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'kylie')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'kylie')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'kylie')
O4 - HKUS\S-1-5-21-3752759594-2965898356-3032709857-1009\..\Run: [Browse wma] C:\DOCUME~1\kylie\APPLIC~1\LIESIT~1\EQ 01 TRANS.exe (User 'kylie')
O4 - S-1-5-21-3752759594-2965898356-3032709857-1009 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kylie')
O4 - S-1-5-21-3752759594-2965898356-3032709857-1009 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kylie')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
green day
17 Jan. 2008 at 19:13
Hi
yes, that is indeed a new hijack report!
please do this again:
go to: Start > Run, then copy/paste:
"%programfiles%\Lopxp\Lopxp.bat" /Fixme <= quotation marks included
then confirm, and post the report please,
++
green day
18 Jan. 2008 at 17:15
Hi
no, except for this sign "=>"! :)
++
Rapport Lopxp fait le 18/01/2008 à 19:36:34
Exécuté dans : C:\Program Files\Lopxp
___________________________________________________________________________
=> Fixme :
+- Dossiers :
Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
+- Fichiers temporaires :
Nettoyage effectué.
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
17/01/2008 16:52:56 ... Grisoft ---= Grisoft
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
17/01/2008 16:45:59 ... Grisoft ---= Grisoft
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
www.skyrock.com
x3-ciity-world.skyrock.com
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
- Fin du rapport -
green day (Moderator, Security contributor), 18 Jan 2008 at 20:02
OK, do you know this program: Crazy Vegas Flash Casino?
Redo the procedure with the command line and post the report, please.
++
I don't know this program, but my brother often downloads casino games from the internet, maybe that's it. Why?
As for the rest, I didn't understand anything. What is the command line?
green day (Moderator, Security contributor), 18 Jan 2008 at 21:04
Please do this again:
Go to Start > Run, then copy/paste:
"%programfiles%\Lopxp\Lopxp.bat" /Fixme <= including the quotation marks
then confirm, and post the report, please.
++
Rapport Lopxp fait le 19/01/2008 à 12:37:24
Exécuté dans : C:\Program Files\Lopxp
___________________________________________________________________________
=> Fixme :
+- Dossiers :
Supprimé : C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
+- Fichiers temporaires :
Nettoyage effectué.
___________________________________________________________________________
=> Tâches planifiées
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 12/10/2007 à 19:43
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task
C:\WINDOWS\tasks\EasyShare Registration Task.job
Crée le : 25/12/2007 à 17:20
Fichier exécuté => C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
Fichier exécuté => C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
___________________________________________________________________________
=> Listing des dossiers Application Data
+- C:\Documents and Settings\All Users\Application Data
01/08/2006 01:18:06 ... Adobe -----= Adobe
03/11/2007 11:58:44 ... Ahead -----= Ahead
12/10/2007 19:42:43 ... Apple -----= Apple
12/10/2007 19:43:29 ... APPLEC~1 --= Apple Computer
01/08/2006 01:16:50 ... CYBERL~1 --= CyberLink
12/10/2007 10:38:33 ... F-Secure --= F-Secure
12/10/2007 10:27:54 ... fssg ------= fssg
14/12/2007 13:00:59 ... GamesBar --= GamesBar
11/10/2007 10:33:10 ... Google ----= Google
16/01/2008 19:52:36 ... Grisoft ---= Grisoft
01/08/2006 01:47:22 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:14:53 ... INSTAL~1 --= InstallShield
25/12/2007 17:19:02 ... Kodak -----= Kodak
14/12/2007 09:27:38 ... Logishrd --= Logishrd
12/10/2007 19:00:47 ... Logitech --= Logitech
21/10/2007 21:26:05 ... MESSEN~1 --= Messenger Plus!
13/10/2007 09:18:51 ... MGS -------= MGS
26/10/2005 23:34:12 ... MICROS~1 --= Microsoft
01/08/2006 00:51:05 ... SBSI ------= SBSI
01/08/2006 01:10:35 ... Sonic -----= Sonic
01/08/2006 01:36:51 ... Symantec --= Symantec
14/12/2007 13:01:57 ... TEMP ------= TEMP
13/10/2007 14:59:50 ... UDL -------= UDL
11/10/2007 11:42:58 ... WINDOW~1 --= Windows Genuine Advantage
12/10/2007 19:56:34 ... WINDOW~2 --= Windows Live Toolbar
10/01/2008 19:51:26 ... WLINST~1 --= WLInstaller
+- C:\Documents and Settings\Default User\Application Data
26/10/2005 23:34:38 ... IDENTI~1 --= Identities
26/10/2005 23:34:40 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... Real ------= Real
+- C:\Documents and Settings\Default User\Local Settings\Application Data
11/10/2007 10:27:31 ... APPLIC~1 --= ApplicationHistory
26/10/2005 23:34:44 ... MICROS~1 --= Microsoft
11/10/2007 10:27:31 ... POWERC~1 --= PowerCinema
11/10/2007 10:27:31 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\kylie\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
09/12/2007 17:17:41 ... AdobeUM ---= AdobeUM
28/10/2007 16:37:00 ... APPLEC~1 --= Apple Computer
18/10/2007 21:45:02 ... Dealio ----= Dealio
19/10/2007 16:39:43 ... DivX ------= DivX
13/11/2007 19:55:26 ... F-Secure --= F-Secure
12/10/2007 20:06:28 ... Google ----= Google
17/01/2008 16:52:56 ... Grisoft ---= Grisoft
13/10/2007 12:30:04 ... HP --------= HP
15/12/2007 21:03:11 ... HPQ -------= HPQ
12/10/2007 20:02:23 ... IDENTI~1 --= Identities
12/10/2007 20:09:25 ... MACROM~1 --= Macromedia
12/10/2007 20:02:23 ... MICROS~1 --= Microsoft
12/10/2007 20:02:23 ... Real ------= Real
11/11/2007 11:04:15 ... Sonic -----= Sonic
09/12/2007 20:55:51 ... Sun -------= Sun
+- C:\Documents and Settings\kylie\Local Settings\Application Data
15/10/2007 11:40:23 ... Adobe -----= Adobe
11/11/2007 10:59:15 ... Ahead -----= Ahead
16/10/2007 14:19:09 ... Apple -----= Apple
12/10/2007 20:03:35 ... APPLEC~1 --= Apple Computer
12/10/2007 20:02:22 ... APPLIC~1 --= ApplicationHistory
12/10/2007 20:06:28 ... Google ----= Google
09/11/2007 14:09:14 ... IDENTI~1 --= Identities
13/10/2007 12:30:02 ... ISOLAT~1 --= IsolatedStorage
26/12/2007 11:52:07 ... KODAKG~1 --= KodakGallery
12/10/2007 20:02:22 ... MICROS~1 --= Microsoft
12/10/2007 20:02:22 ... POWERC~1 --= PowerCinema
12/10/2007 20:02:22 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
+- C:\Documents and Settings\sabrina\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
20/10/2007 12:15:24 ... Dealio ----= Dealio
13/10/2007 16:24:38 ... Google ----= Google
17/01/2008 16:45:59 ... Grisoft ---= Grisoft
23/11/2007 21:24:48 ... HP --------= HP
13/10/2007 16:19:41 ... IDENTI~1 --= Identities
13/10/2007 16:25:57 ... MACROM~1 --= Macromedia
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... Real ------= Real
18/10/2007 11:32:51 ... Template --= Template
+- C:\Documents and Settings\sabrina\Local Settings\Application Data
13/10/2007 20:21:09 ... Adobe -----= Adobe
30/10/2007 15:19:04 ... Apple -----= Apple
13/10/2007 16:20:29 ... APPLEC~1 --= Apple Computer
13/10/2007 16:19:41 ... APPLIC~1 --= ApplicationHistory
13/10/2007 16:24:38 ... Google ----= Google
23/11/2007 21:24:35 ... HP --------= HP
23/11/2007 21:24:46 ... ISOLAT~1 --= IsolatedStorage
13/10/2007 16:19:41 ... MICROS~1 --= Microsoft
13/10/2007 16:19:41 ... POWERC~1 --= PowerCinema
13/10/2007 16:19:41 ... {3248F~1 --= {3248F0A6-6813-11D6-A77B-00B0D0150050}
___________________________________________________________________________
=> Listing du dossier ProgramFiles
+- C:\Program Files
01/08/2006 01:17:55 ... Adobe -----= Adobe
21/10/2007 15:45:19 ... Ahead -----= Ahead
16/01/2008 17:44:46 ... ALWILS~1 --= Alwil Software
12/10/2007 19:43:08 ... APPLES~1 --= Apple Software Update
01/08/2006 01:05:49 ... ATITEC~1 --= ATI Technologies
03/12/2007 12:46:28 ... AVANTG~1 --= AvantGo Connect
25/12/2007 17:45:09 ... Bonjour ---= Bonjour
03/12/2007 12:46:20 ... COMMON~1 --= Common Files
20/10/2005 20:06:30 ... COMPLU~1 --= ComPlus Applications
28/12/2007 16:19:02 ... CRAZYV~1 --= Crazy Vegas Flash Casino
01/08/2006 01:17:05 ... CYBERL~1 --= CyberLink
18/10/2007 20:31:18 ... Dealio ----= Dealio
16/10/2007 09:47:38 ... DivX ------= DivX
22/12/2007 20:14:57 ... EASYGI~1 --= Easy GIF Animator
22/12/2007 20:16:00 ... EASYGI~2 --= Easy Gif Animator Extension
13/10/2007 16:54:41 ... eMule -----= eMule
13/10/2007 14:50:36 ... epson -----= epson
26/10/2005 23:35:50 ... FICHIE~1 --= Fichiers communs
14/12/2007 12:59:45 ... Gamenext --= Gamenext
14/12/2007 13:00:06 ... GamesBar --= GamesBar
05/01/2008 15:30:45 ... GOLDVI~1 --= Gold VIP Club Casino
01/08/2006 01:33:41 ... Google ----= Google
16/01/2008 19:52:31 ... Grisoft ---= Grisoft
01/08/2006 01:16:16 ... HEWLET~1 --= Hewlett-Packard
01/08/2006 01:09:39 ... HP --------= HP
18/10/2007 19:16:56 ... INCOMP~1 --= Incomplete
20/10/2007 06:27:45 ... INFRAR~1 --= InfraRecorder
01/08/2006 01:05:49 ... INSTAL~1 --= InstallShield Installation Information
26/10/2005 23:36:12 ... INTERN~1 --= Internet Explorer
01/01/2008 19:23:26 ... INTERN~2 --= InternetGameBox
12/10/2007 19:44:16 ... iPod ------= iPod
12/10/2007 19:44:10 ... iTunes ----= iTunes
01/08/2006 00:53:14 ... Java ------= Java
25/12/2007 17:21:15 ... Kodak -----= Kodak
18/10/2007 12:16:17 ... LimeWire --= LimeWire
12/10/2007 19:00:47 ... Logitech --= Logitech
16/01/2008 21:33:57 ... Lopxp -----= Lopxp
03/12/2007 12:53:50 ... MARCOP~1 --= Marco Polo Mobile Navigator 2
26/10/2005 23:36:14 ... MESSEN~1 --= Messenger
03/12/2007 12:44:15 ... MICROS~4 --= Microsoft ActiveSync
13/10/2007 23:14:34 ... MICROS~1.2 --= Microsoft CAPICOM 2.1.0.2
26/10/2005 23:36:16 ... MICROS~1 --= microsoft frontpage
01/08/2006 01:19:43 ... MICROS~3 --= Microsoft Office
10/01/2008 20:20:23 ... MI29AE~1 --= Microsoft SQL Server Compact Edition
01/08/2006 01:19:28 ... MICROS~2 --= Microsoft Works
26/10/2005 23:36:22 ... MOVIEM~1 --= Movie Maker
26/10/2005 23:36:22 ... MSN -------= MSN
26/10/2005 23:36:32 ... MSNGAM~1 --= MSN Gaming Zone
12/10/2007 19:55:32 ... MSNMES~1 --= MSN Messenger
12/10/2007 11:07:27 ... MSXML4~1.0 --= MSXML 4.0
26/10/2005 23:36:44 ... NETMEE~1 --= NetMeeting
02/11/2007 12:44:48 ... Neuf ------= Neuf
11/10/2007 10:34:24 ... NORTON~2 --= Norton Security Scan
26/10/2005 23:36:44 ... ONLINE~1 --= Online Services
26/10/2005 23:36:48 ... OUTLOO~1 --= Outlook Express
12/10/2007 10:38:37 ... PACKSE~1 --= Pack Securite
01/08/2006 01:28:32 ... PC-DOC~1 --= PC-Doctor 5 for Windows
12/10/2007 19:43:30 ... QUICKT~1 --= QuickTime
01/08/2006 01:13:35 ... Real ------= Real
26/10/2005 23:36:48 ... SERVIC~1 --= Services en ligne
01/08/2006 01:14:17 ... Sonic -----= Sonic
29/10/2007 12:47:22 ... Sony ------= Sony
01/08/2006 01:36:56 ... Symantec --= Symantec
16/01/2008 19:58:36 ... TRENDM~1 --= Trend Micro
20/10/2005 20:06:02 ... UNINST~1 --= Uninstall Information
21/10/2007 19:30:00 ... WI1F86~1 --= Windows Live
01/12/2007 00:44:24 ... WI48FA~1 --= Windows Live Favorites
12/10/2007 19:56:23 ... WINDOW~4 --= Windows Live Toolbar
16/10/2007 09:39:38 ... WI4DF6~1 --= Windows Media Connect 2
26/10/2005 23:36:52 ... WINDOW~1 --= Windows Media Player
26/10/2005 23:36:54 ... WINDOW~2 --= Windows NT
20/10/2005 20:05:52 ... WINDOW~3 --= WindowsUpdate
26/10/2005 23:37:08 ... xerox -----= xerox
___________________________________________________________________________
=> Clés registre
___________________________________________________________________________
=> Bloqueur popups Internet Explorer
+- Liste des popups autorisés :
www.infos-du-net.com
216.93.188.81
www.kaledonie.com
fr.unibet.com
adoption-dogo.niceboard.com
www.commentcamarche.net
www.skyrock.com
x3-ciity-world.skyrock.com
___________________________________________________________________________
/!\ Suggestion (Nécessite une interprétation.)
+- Dossiers suspects :
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
- Fin du rapport -
green day (Moderator, Security contributor), 19 Jan 2008 at 13:07
Hi
OK,
find and delete the file in bold:
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Lies Itch Roam
then post a new HijackThis log, please.
++
Hi
The file has been deleted; here is the new report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:50, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\qmmzmpum.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [qmmzmpum] c:\windows\system32\qmmzmpum.exe qmmzmpum
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
The file is deleted, here is the new report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28:50, on 19/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\windows\system32\qmmzmpum.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [qmmzmpum] c:\windows\system32\qmmzmpum.exe qmmzmpum
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Compaq_Propriétaire\Application Data\Dealio\kb124\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Casino Del Rio - {45FD16E0-0BC3-4774-AD53-228976E8C19F} - C:\Casino\Casino Del Rio\casino.exe (file missing)
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.com/?gws_rd=ssl
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/version7/DLHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
green day (Moderator, Security contributor)
19 Jan 2008 at 13:34
ok,
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Restart in Safe Mode
* Double-click combofix.exe.
* Press the Y (Yes) key to start the scan
* The report will be created in C:\Combofix.txt, please post it
See you
ComboFix 08-01-18.5 - Compaq_Propriétaire 2008-01-19 14:47:04.3 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.752 [GMT 1:00]
Running from: C:\Documents and Settings\Compaq_Propriétaire\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
.
2008-01-19 14:48 . 2008-01-19 14:48 3,220 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-01-19 13:45 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmpE1089.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp8B389.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp75189.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp4F689.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp48C79.FOT
2008-01-18 21:10 . 2008-01-18 21:10 1,409 --a------ C:\WINDOWS\system32\tmp01589.FOT
2008-01-18 21:07 . 2008-01-18 21:07 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-01-17 16:52 . 2008-01-17 16:52 <REP> d-------- C:\Documents and Settings\kylie\Application Data\Grisoft
2008-01-17 16:45 . 2008-01-17 16:45 <REP> d-------- C:\Documents and Settings\sabrina\Application Data\Grisoft
2008-01-16 21:33 . 2008-01-19 12:46 <REP> d-------- C:\Program Files\Lopxp
2008-01-16 19:58 . 2008-01-16 19:58 <REP> d-------- C:\Program Files\Trend Micro
2008-01-16 19:53 . 2008-01-16 19:53 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Grisoft
2008-01-16 19:52 . 2008-01-16 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 19:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-16 17:44 . 2008-01-16 17:44 <REP> d-------- C:\Program Files\Alwil Software
2008-01-16 09:47 . 2008-01-16 09:49 <REP> d-------- C:\Casino Riva
2008-01-15 08:48 . 2008-01-18 09:08 <REP> d-------- C:\Casino
2008-01-13 18:54 . 2008-01-13 18:54 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Saved Games
2008-01-13 18:54 . 2008-01-13 18:54 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Saved Games
2008-01-10 20:24 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-10 20:20 . 2008-01-10 20:20 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-10 19:52 . 2008-01-10 19:55 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-10 19:51 . 2008-01-10 20:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-09 17:56 . 2008-01-09 17:56 <REP> d-------- C:\WINDOWS\system32\FlashAX
2008-01-06 10:00 . 2008-01-19 14:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 10:00 . 2008-01-06 10:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 15:30 . 2008-01-14 10:45 <REP> d-------- C:\Program Files\Gold VIP Club Casino
2007-12-28 16:19 . 2007-12-28 16:19 <REP> d-------- C:\Program Files\Crazy Vegas Flash Casino
2007-12-28 15:18 . 2007-12-28 15:18 17 --a------ C:\WINDOWS\pp.enc
2007-12-28 15:13 . 2008-01-18 08:55 <REP> d-------- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microgaming
2007-12-25 17:45 . 2007-12-25 17:45 <REP> d-------- C:\Program Files\Bonjour
2007-12-25 17:44 . 2007-12-25 17:44 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-12-25 17:27 . 2008-01-19 14:32 23,763 --a------ C:\logfile
2007-12-25 17:25 . 2007-12-25 17:25 <REP> d-------- C:\WINDOWS\system32\BWKDLogs
2007-12-25 17:23 . 2007-12-25 17:23 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2007-12-25 17:23 . 2004-08-04 00:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-25 17:23 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-25 17:21 . 2007-12-26 10:36 <REP> d-------- C:\Program Files\Kodak
2007-12-25 17:19 . 2007-12-25 17:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-12-22 20:16 . 2007-12-22 20:16 <REP> d-------- C:\Program Files\Easy Gif Animator Extension
2007-12-22 20:16 . 2007-12-22 20:16 231,872 --a------ C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_2156.exe
2007-12-22 20:14 . 2007-12-22 20:15 <REP> d-------- C:\Program Files\Easy GIF Animator
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 13:00 --------- d-----w C:\Program Files\GamesBar
2008-01-19 12:22 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\LimeWire
2008-01-19 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\GamesBar
2008-01-18 20:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-18 20:07 --------- d-----w C:\Program Files\Gamenext
2008-01-17 15:22 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\AdobeUM
2008-01-17 12:56 --------- d-----w C:\Program Files\Incomplete
2008-01-17 12:20 --------- d-----w C:\Program Files\LimeWire
2008-01-13 15:50 --------- d-----w C:\Program Files\eMule
2008-01-11 09:20 --------- d-----w C:\Program Files\MSN Messenger
2008-01-10 19:25 --------- d-----w C:\Program Files\Windows Live
2007-12-15 20:03 --------- d-----w C:\Documents and Settings\kylie\Application Data\HPQ
2007-12-14 08:33 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2007-12-14 08:27 --------- d-----w C:\Program Files\Logitech
2007-12-14 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2007-12-09 16:17 --------- d-----w C:\Documents and Settings\kylie\Application Data\AdobeUM
2007-12-09 08:28 --------- d-----w C:\Program Files\Java
2007-12-03 13:53 482 ----a-w C:\Documents and Settings\Compaq_Propriétaire\Application Data\wklnhst.dat
2007-12-03 11:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 11:58 --------- d-----w C:\Program Files\Marco Polo Mobile Navigator 2
2007-12-03 11:54 --------- d-----w C:\Program Files\Fichiers communs\Mapserv
2007-12-03 11:54 --------- d-----w C:\Program Files\Fichiers communs\GIS
2007-12-03 11:50 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-03 11:46 --------- d-----w C:\Program Files\Common Files
2007-12-03 11:46 --------- d-----w C:\Program Files\AvantGo Connect
2007-11-30 23:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-30 23:44 --------- d-----w C:\Program Files\Windows Live Favorites
2007-11-23 20:24 --------- d-----w C:\Documents and Settings\sabrina\Application Data\HP
2007-11-22 16:42 --------- d-----w C:\Documents and Settings\Compaq_Propriétaire\Application Data\Image Zone Express
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-06 05:54 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-02 19:15 464 ----a-w C:\Documents and Settings\sabrina\Application Data\wklnhst.dat
2007-10-30 23:23 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-19_14.01.53,68 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-12 12:23:33 56,556 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-19 13:48:58 56,536 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-12 12:23:33 67,708 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-19 13:48:58 67,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2007-12-12 12:23:33 388,518 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-19 13:48:58 388,690 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-12 12:23:33 453,674 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-19 13:48:58 453,634 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-12 18:58 68856]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-06 09:56 67128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 09:20 401491]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 16:49 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 12:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-02-25 01:46 147456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"F-Secure Manager"="C:\Program Files\Pack Securite\Common\FSM32.exe" [2007-04-26 18:12 183208]
"F-Secure TNB"="C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" [2007-04-26 18:10 740208]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"au"="C:\Program Files\Dealio\DealioAU.exe" [2007-10-09 11:47 492896]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-01 01:13 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Documents and Settings\kylie\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-01 00:43:29]
C:\Documents and Settings\sabrina\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-01 00:43:29]
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-29 12:47:36]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 04:33:46]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-06 09:56:43]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-04-26 18:09]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 05:08]
S1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Pack Securite\HIPS\fshs.sys [2007-04-26 18:11]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 16:29]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Pack Securite\Anti-Virus\minifilter\fsgk.sys [2007-04-26 18:07]
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2005-06-13 05:57]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 18:08]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Pack Securite\Anti-Virus\Win2K\FSrec.sys [2007-04-26 18:08]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-15 14:19:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-26 09:26:26 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.30.2.sxt _RegistrationOffer@16
"2008-01-19 12:44:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 14:55:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-19 14:57:42
ComboFix-quarantined-files.txt 2008-01-19 13:57:09
ComboFix2.txt 2008-01-19 13:03:03
.
2008-01-17 15:25:45 --- E O F ---