Persistent MSN virus

Solved
Matt0013 - Posts: 117 - Status: Member
Hello,
So I caught a virus on MSN and I can't get rid of it anymore. I ran avast, hijack, avg, msnfix, cleaner, but it goes back to how it was before: I can go on the internet for 1 min and after that I can't do anything anymore. Here is the Hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:55, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Propriétaire\Bureau\test.exe.exe
C:\WINDOWS\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fnhotmail%2fhelp%2f%3f
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [bokja] C:\WINDOWS\bokja.exe
O4 - HKLM\..\Run: [ifuxyf] C:\WINDOWS\ifuxyf.exe
O4 - HKLM\..\Run: [Jawa32] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Jawa322] C:\WINDOWS\jawa32.exe
O4 - HKLM\..\Run: [Ztvpbsi] C:\WINDOWS\Ytgzm.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zkmtgi] C:\Documents and Settings\Propriétaire\zkmtgi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Aéris online.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c32.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11984.kit.carpediem.fr/enviedebaiser.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C39B6EC-D035-49CC-9F72-7A00FA1F47AE}: NameServer = 192.168.0.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06C9A92-1D82-4EDA-A96C-1D1220AD3C2A}: NameServer = 192.168.0.250
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
192 replies

Matt0013 - Posts: 117 - Status: Member
 
ComboFix 08-01-18.3 - Propriétaire 2008-01-18 0:28:07.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xpdx.sys
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASC3550U
-------\LEGACY_MSUPDATE
-------\LEGACY_NTMLSVC
-------\nm
-------\NtmlSvc
-------\xpdx


((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.

2008-01-18 00:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 20:00 . 2008-01-17 20:00 <REP> d-------- C:\Program Files\CCleaner
2008-01-17 12:56 . 2008-01-17 12:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-16 23:06 . 2008-01-16 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-16 23:06 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-16 22:18 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-16 22:18 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-16 22:18 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-16 21:54 . 2008-01-17 22:05 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-16 21:53 . 2008-01-17 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-16 18:48 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-16 18:48 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-16 18:48 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-16 18:48 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-16 18:48 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-16 18:48 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-16 18:48 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-16 18:48 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-15 21:12 . 2008-01-16 17:05 512 --a------ C:\WINDOWS\randseed.rnd
2008-01-15 21:08 . 2008-01-15 21:08 <REP> d-------- C:\Program Files\Fichiers communs\Cisco Systems
2008-01-15 17:11 . 2008-01-15 17:11 <REP> d-------- C:\Program Files\Dot1XCfg
2008-01-14 22:02 . 2008-01-16 23:59 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
2008-01-02 06:46 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 21:28 --------- d-----w C:\Program Files\AeRO
2008-01-16 21:11 --------- d-----w C:\Program Files\Yahoo!
2008-01-16 20:54 --------- d-----w C:\Program Files\Windows Live
2008-01-16 20:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 19:27 --------- d-----w C:\Program Files\Kaspersky Lab
2008-01-16 18:10 --------- d-----w C:\Program Files\Adverts
2008-01-14 22:05 --------- d-----w C:\Program Files\MSN Messenger
2008-01-12 12:24 --------- d-----w C:\Program Files\Reign Of Midgard
2008-01-12 12:21 --------- d-----w C:\Program Files\Ragnarok Online Factions
2008-01-02 05:51 --------- d-----w C:\Program Files\iTunes
2008-01-02 05:51 --------- d-----w C:\Program Files\iPod
2008-01-02 05:49 --------- d-----w C:\Program Files\QuickTime
2007-12-05 15:49 --------- d-----w C:\Program Files\Simply RO
2007-11-25 13:02 --------- d-----w C:\Program Files\Tales of Pirates Online
2007-11-25 13:00 --------- d-----w C:\Program Files\Heliopolis
2007-11-23 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 17:23 --------- d-----w C:\Program Files\Veoh Networks
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2006-08-31 13:38 20480]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-12 22:24 68856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-11-13 15:48 3411968]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 11:27 139264]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 15:01 155648]
"nwiz"="nwiz.exe" [2005-06-15 10:20 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-06-15 10:20 6803456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 03:02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 23:04 52736]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 10:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 09:56 483328]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 14:07 114688]
"EPSON Stylus CX6400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2003-05-27 04:08 99840]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 14:23 90112]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 15:36 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-06-15 10:20 86016]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 23:57 81920]
"zkmtgi"="C:\Documents and Settings\Propriétaire\zkmtgi.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-03-02 13:00 208952]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 04:42 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system3

R3 HPCFILT;Alcor Micro Corp - 9361;C:\WINDOWS\System32\Drivers\HpcFilt.sys [2003-08-11 09:46]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 13:00]
S2 Ca533av;Slim 3000, WDM Video Capture;C:\WINDOWS\system32\Drivers\Ca533av.sys []
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 13:42]
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 13:42]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
S3 o1394bul;o1394bul;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\o1394bul.sys []
S3 USBCamera;DSC Still Image Capture (CA100);C:\WINDOWS\system32\Drivers\Bulk533.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 ZD1201U;Réseau sans fil OLITEC IEEE 802.11b Wireless LAN Driver (USB);C:\WINDOWS\system32\DRIVERS\zd1201u.sys [2003-08-06 16:25]
S3 ZDNDIS5;ZDNDIS5 Protocol Driver;C:\WINDOWS\System32\ZDNDIS5.SYS [2002-10-30 10:43]
S4 .NET Connection Service;.NET Framework Service;C:\WINDOWS\svchost.exe []
S4 Generic Host Process for Win-32 Service;Generic Host Process for Win-32 Service;"C:\WINDOWS\svchost.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-17 23:00:00 C:\WINDOWS\Tasks\AE14A10B919F53D7.job"
- c:\docume~1\propri~1\applic~1\settin~1\camp rdr rect.exe
"2008-01-17 23:00:00 C:\WINDOWS\Tasks\AE5713BA9188845A.job"
- c:\progra~1\settin~1\camp rdr rect.exe
"2008-01-10 15:15:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 00:35:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-18 0:41:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 23:41:25
.
2008-01-09 23:14:29 --- E O F ---
0
Matt0013 - Posts: 117 - Status: Member
 
Here is the report
0
LePsy - Posts: 911 - Status: Member - 57
 
Er, Matt, I offer you all my apologies, I got caught up on the phone and couldn't do otherwise, sorry!
0
Matt0013 - Posts: 117 - Status: Member
 
No worries, you helped me a lot, thank you very much...
What can you advise me to do now?
0

LePsy - Posts: 911 - Status: Member - 57
 
My advice is to follow my colleagues' advice closely; I saw that they helped you make good progress. We'll have to see tomorrow what they do to finish cleaning out the viruses.
After that I remain at your disposal for anything to do with improving the system (that's more my area), if you're OK with that!
0
Matt0013 - Posts: 117 - Status: Member
 
Yes, I'd like your advice on improving the system...?
0
LePsy - Posts: 911 - Status: Member - 57
 
OK, there are plenty of things to do; what kind of improvement are you expecting!
0
Lyonnais92 - Posts: 25159 - Status: Security contributor - 1 537
 
Re,

1) Haven't you been getting ads for Cid for a while now?

Download this (by Moe):

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double-click Lopxpsetup.exe to start the installation.
At the menu, choose option 1.
Wait until you are asked to press a key, then press one!
A report will then be created; copy/paste it in full on the forum.



2) There are files for which I can't find any info.

Go to this site:

https://www.virustotal.com/gui/

Click on Browse and look for this file: C:\Documents and Settings\Propriétaire\zkmtgi.exe

Click on Send File.

A report will be built up line by line.

Wait for it to finish. It must include the size of the file sent.

Save the report with Notepad.

Copy it into your reply.

Do the same with:

C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\o1394bul.sys

0
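An added example, not written by anyone in this thread: a small triage script that runs over a few autostart lines copied from the HijackThis and ComboFix logs above and shows why entries such as `zkmtgi.exe` and `o1394bul.sys` (the two files Lyonnais92 asks to have scanned) and `C:\WINDOWS\svchost.exe` stand out from the rest. The function names `triage` and `reasons_for`, the rule wording, and the assumption that Windows is installed on `C:` are illustrative choices made here.

```python
import ntpath
import re

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\svchost.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zkmtgi] C:\Documents and Settings\Propriétaire\zkmtgi.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
S3 o1394bul;o1394bul;C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\o1394bul.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
"""

# HijackThis autostart sections (F2, O4, O23) or a ComboFix driver/service
# line of the form "S3 name;display name;image path".
KIND_RE = re.compile(r'^(F2|O4|O23)\b|^([RS][0-4]) [^;]+;')
# A drive-letter or %VAR% path ending in an executable image extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%\w+%)\\[^"\[\]]*?\.(?:exe|dll|sys)', re.I)
# Windows system processes whose image lives in system32 (assumes C:\WINDOWS).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "spoolsv.exe", "csrss.exe"}
# User profile folders (long or 8.3 short name) and any Temp folder.
USER_WRITABLE_RE = re.compile(
    r'^[a-z]:\\(?:documents and settings|docume~1)\\|\\temp\\')


def reasons_for(path):
    """Return the heuristic reasons an autostart image path deserves a look."""
    norm = path.lower().replace("%windir%", r"c:\windows")
    folder, name = ntpath.split(norm)
    found = []
    if name in SYSTEM32_ONLY and folder != r"c:\windows\system32":
        found.append("system process name outside system32")
    if USER_WRITABLE_RE.search(norm):
        found.append("autostart image in a user-writable folder")
    return found


def triage(log_text):
    """Return (section, value, reason) tuples for the autostart lines in a log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = KIND_RE.match(line)
        if not match:
            continue
        kind = match.group(1) or match.group(2)
        # The system.ini Shell value should name Explorer.exe and nothing else.
        if kind == "F2" and "shell=" in line.lower():
            value = line[line.lower().index("shell=") + len("shell="):].strip()
            if value.lower() != "explorer.exe":
                findings.append(
                    (kind, value, "Shell value starts more than Explorer.exe"))
        for path in PATH_RE.findall(line):
            for reason in reasons_for(path):
                findings.append((kind, path, reason))
    return findings


if __name__ == "__main__":
    for kind, value, reason in triage(SAMPLE_LOG):
        print(f"{kind:>3}  {reason}: {value}")
```

These rules are heuristics for deciding which files to submit for scanning first; a hit is not proof of infection, and a clean result does not clear an entry.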
Matt0013 - Posts: 117 - Status: Member
 
To be honest I don't know much about this, but, like, could you recommend a good antivirus?
Could you tell me what improvements to make so the machine runs well, well, basic improvements..?
0
cherche le psy pr m'aider
 
Hello
0
LePsy t là ???
 
Hello, I need your help
0
LePsy - Posts: 911 - Status: Member - 57
 
Yes, I'm here, but honestly, finish the work with LYONNAIS92; we'll do the rest afterwards, it's less important than your viruses,
so respect for LYONNAIS >> post 96 ;))
0
Matt0013 - Posts: 117 - Status: Member
 
Here is the lopex report:

Rapport Lopxp fait le 18/01/2008 à 1:04:51
Exécuté dans : C:\Program Files\Lopxp


___________________________________________________________________________

=> Tâches planifiées

C:\WINDOWS\tasks\AE14A10B919F53D7.job 
Crée le : 26/11/2004 à 23:05
Fichier exécuté => c:\docume~1\propri~1\applic~1\settin~1\camp rdr rect.exe 

C:\WINDOWS\tasks\AE5713BA9188845A.job 
Crée le : 28/09/2004 à 06:51
Fichier exécuté => c:\progra~1\settin~1\camp rdr rect.exe 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job 
Crée le : 02/10/2006 à 17:22
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task


___________________________________________________________________________

=> Listing des dossiers Application Data

+- C:\Documents and Settings\Administrateur\Application Data

12/01/2001 01:45:23 ... Adobe -----= Adobe
12/01/2001 01:45:23 ... IDENTI~1 --= Identities
12/01/2001 01:45:23 ... INTERT~1 --= InterTrust
12/01/2001 01:45:23 ... MICROS~1 --= Microsoft
12/01/2001 01:45:23 ... SAMPLE~1 --= SampleView
12/01/2001 01:45:23 ... Sonic -----= Sonic
12/01/2001 01:45:23 ... Symantec --= Symantec

+- C:\Documents and Settings\Administrateur\Local Settings\Application Data

12/01/2001 01:45:23 ... APPLIC~1 --= ApplicationHistory
12/01/2001 01:45:22 ... MICROS~1 --= Microsoft

+- C:\Documents and Settings\All Users\Application Data

20/03/2001 14:56:54 ... AGEOFE~1 --= Age of Empires 3
24/08/2007 18:08:12 ... Apple -----= Apple
04/09/2004 18:58:11 ... APPLEC~1 --= Apple Computer
04/11/2006 17:02:02 ... Google ----= Google
16/01/2008 23:06:15 ... Grisoft ---= Grisoft
01/01/2003 16:12:15 ... HEWLET~1 --= Hewlett-Packard
01/01/2003 16:41:13 ... INTERV~1 --= InterVideo
20/07/2006 18:31:08 ... MESSEN~1 --= Messenger Plus!
01/01/2003 14:40:45 ... MICROS~1 --= Microsoft
25/12/2003 11:43:14 ... MSN6 ------= MSN6
05/02/2006 13:50:52 ... NVIEW_~1 --= nView_Profiles
25/07/2004 23:14:22 ... PINGPH~1 --= Ping phone blue burn
10/09/2004 18:38:33 ... PIXELS~1 --= pixelStorm
04/09/2004 18:58:20 ... QUICKT~1 --= QuickTime
26/11/2004 07:59:17 ... RULEBO~1 --= rule book tons proxy
01/01/2003 14:58:15 ... SBSI ------= SBSI
11/01/2006 21:17:38 ... SONYER~1 --= Sony Ericsson
30/12/2004 19:51:15 ... SPYBOT~1 --= Spybot - Search & Destroy
01/01/2003 23:39:43 ... Symantec --= Symantec
30/12/2003 19:08:43 ... UDL -------= UDL
16/01/2008 21:53:48 ... WLINST~1 --= WLInstaller
17/01/2008 12:56:32 ... YAHOO!~1 --= Yahoo! Companion

___________________________________________________________________________

=> Listing du dossier ProgramFiles

+- C:\Program Files

30/12/2003 19:07:52 ... ABBYYF~1.0SP --= ABBYY FineReader 5.0 Sprint
27/12/2003 19:40:00 ... ACTIVI~1 --= Activision
01/01/2005 17:48:45 ... ADMILL~1 --= Admilli Service
01/01/2003 16:42:26 ... Adobe -----= Adobe
07/12/2006 23:06:56 ... Adverts ---= Adverts
10/10/2007 14:51:41 ... AeRO ------= AeRO
11/02/2001 13:57:53 ... AGORAO~1 --= AgoraOnline
03/07/2004 22:26:06 ... Ahead -----= Ahead
07/01/2004 14:01:38 ... Aiptek ----= Aiptek
11/09/2006 21:17:57 ... ALWILS~1 --= Alwil Software
24/08/2007 18:08:43 ... APPLES~1 --= Apple Software Update
09/11/2006 07:39:47 ... ARCADY~1 --= ArcadyaOnline
24/12/2003 18:34:09 ... ArcSoft ---= ArcSoft
12/02/2006 22:42:34 ... Azureus ---= Azureus
29/07/2005 11:54:52 ... BitComet --= BitComet
18/06/2001 13:21:41 ... BITTOR~1 --= BitTornado
17/01/2008 20:00:17 ... CCleaner --= CCleaner
28/06/2004 17:58:27 ... COMMON~1 --= Common Files
01/01/2003 14:47:16 ... COMPLU~1 --= ComPlus Applications
11/02/2004 22:16:27 ... Creative --= Creative
10/01/2004 20:36:09 ... directx ---= directx
05/07/2004 23:50:48 ... DivX ------= DivX
15/01/2008 17:11:40 ... Dot1XCfg --= Dot1XCfg
01/01/2003 16:52:00 ... EASYIN~1 --= Easy Internet signup
06/05/2004 20:49:57 ... Eidos -----= Eidos
27/06/2004 12:35:49 ... eMule -----= eMule
30/12/2003 19:02:52 ... EPSON -----= EPSON
01/01/2003 14:41:25 ... FICHIE~1 --= Fichiers communs
08/08/2004 00:13:08 ... FIREFL~1 --= FireFly Studios
08/08/2004 00:16:38 ... GAMESP~1 --= GameSpy Arcade
11/08/2004 00:26:51 ... Google ----= Google
02/01/2007 18:46:25 ... Gpotato ---= Gpotato
10/01/2001 22:18:01 ... Gravity ---= Gravity
16/01/2008 23:06:08 ... Grisoft ---= Grisoft
05/11/2006 20:12:25 ... GUITAR~1 --= Guitar Pro 5
13/08/2007 15:37:44 ... HELIOP~1 --= Heliopolis
01/01/2003 15:58:37 ... HEWLET~1 --= Hewlett-Packard
07/07/2004 09:18:46 ... Hold ------= Hold
07/07/2004 09:16:03 ... Holdkeep --= Holdkeep
01/01/2003 16:05:29 ... HP --------= HP
11/01/2001 22:40:56 ... HLIOPO~1 --= Héliopolis
30/09/2004 18:56:52 ... iMesh -----= iMesh
01/01/2003 16:34:38 ... INSTAL~1 --= InstallShield Installation Information
01/01/2003 14:47:39 ... INTERN~1 --= Internet Explorer
01/01/2003 16:34:38 ... INTERV~1 --= InterVideo
21/06/2004 22:55:06 ... Inventel --= Inventel
07/09/2004 18:50:56 ... iPod ------= iPod
24/08/2007 18:11:18 ... iTunes ----= iTunes
01/01/2003 17:00:31 ... Java ------= Java
27/08/2007 02:41:32 ... Karma -----= Karma
13/09/2006 16:52:32 ... KASPER~1 --= Kaspersky Lab
02/12/2004 22:10:30 ... Lavasoft --= Lavasoft
05/06/2006 13:13:40 ... LimeWire --= LimeWire
25/12/2003 11:28:59 ... Logitech --= Logitech
18/01/2008 01:04:18 ... Lopxp -----= Lopxp
05/07/2004 13:04:21 ... Lycos -----= Lycos
01/01/2003 14:46:04 ... MESSEN~1 --= Messenger
27/06/2004 15:42:30 ... MESSEN~2 --= Messenger Plus! 3
20/07/2006 17:05:39 ... MESSEN~3 --= Messenger Plus! Live
01/01/2003 16:17:15 ... MI2493~1 --= Microsoft AutoRoute
01/01/2003 16:18:21 ... MIF408~1 --= Microsoft Encarta
01/01/2003 14:51:47 ... MICROS~1 --= microsoft frontpage
25/12/2003 09:41:40 ... MI9A48~1 --= Microsoft Games
01/01/2003 16:16:45 ... MICAC0~1 --= Microsoft Money
01/01/2003 16:14:25 ... MICROS~4 --= Microsoft Office
01/01/2003 16:17:37 ... MI7D6A~1 --= Microsoft Picture It! 7
01/01/2003 16:12:51 ... MICROS~3 --= Microsoft Works
01/01/2003 16:12:15 ... MICROS~2 --= Microsoft Works Suite 2003
04/06/2001 12:34:32 ... MIDGAR~1 --= Midgard's Destiny
01/01/2003 14:47:47 ... MOVIEM~1 --= Movie Maker
05/02/2006 19:11:57 ... MOZILL~1 --= Mozilla Firefox
01/01/2003 14:45:42 ... MSN -------= MSN
31/07/2004 00:42:47 ... MSNAPP~1 --= MSN Apps
01/01/2003 14:46:02 ... MSNGAM~1 --= MSN Gaming Zone
03/07/2004 17:43:32 ... MSNMES~1 --= MSN Messenger
25/08/2007 03:06:31 ... MSXML4~1.0 --= MSXML 4.0
24/12/2003 18:32:42 ... MULTIM~1 --= Multimedia Card Reader
23/09/2004 16:59:29 ... MUSICA~1 --= Musicalis
19/04/2006 15:54:14 ... MUSICM~1 --= MUSICMATCH
01/01/2003 14:47:43 ... NETMEE~1 --= NetMeeting
17/03/2004 14:17:33 ... NORTON~2 --= Norton Personal Firewall
12/08/2007 19:13:49 ... OLITEC~1 --= OLITEC SA
01/01/2003 14:47:42 ... OUTLOO~1 --= Outlook Express
14/11/2004 13:37:54 ... Piolet ----= Piolet
24/08/2007 18:09:54 ... QUICKT~1 --= QuickTime
08/11/2007 07:42:00 ... RAGNAR~1 --= Ragnarok Online Factions
01/01/2003 16:32:54 ... RECORD~1 --= RecordNow!
28/10/2007 19:36:04 ... REIGNO~1 --= Reign Of Midgard
07/12/2006 23:07:32 ... seekkeep --= seekkeep
01/01/2003 14:46:14 ... SERVIC~1 --= Services en ligne
05/12/2007 08:53:15 ... SIMPLY~1 --= Simply RO
30/12/2003 19:04:56 ... SMARTP~1 --= Smart Panel
12/01/2001 00:17:33 ... SOMBRE~1 --= Sombre-Lune Online
11/01/2006 21:17:38 ... SONYER~1 --= Sony Ericsson
30/12/2004 19:51:13 ... SPYBOT~1 --= Spybot - Search & Destroy
01/01/2003 23:39:42 ... Symantec --= Symantec
18/10/2007 16:59:11 ... TALESO~1 --= Tales of Pirates Online
30/04/2006 20:06:03 ... TEAMSP~1 --= Teamspeak2_RC2
08/07/2004 18:02:46 ... TESTKE~1 --= TestKeepSeek
11/10/2006 17:06:04 ... TIEDUC~1 --= TI Education
03/11/2004 18:16:50 ... TRANSP~1 --= Transport Giant
21/06/2007 00:38:15 ... TWILIG~1 --= Twilight Angel
25/12/2003 10:55:06 ... UBISOFT ---= UBISOFT
07/01/2004 13:56:40 ... ULEADS~1 --= Ulead Systems
01/01/2003 14:56:18 ... UNINST~1 --= Uninstall Information
23/11/2007 18:23:23 ... VEOHNE~1 --= Veoh Networks
29/12/2003 20:27:34 ... Wanadoo ---= Wanadoo
18/06/2007 17:20:27 ... WINDOW~4 --= Windows Live
01/01/2003 14:46:13 ... WINDOW~2 --= Windows Media Player
01/01/2003 14:45:42 ... WINDOW~1 --= Windows NT
01/01/2003 14:46:14 ... WINDOW~3 --= WindowsUpdate
03/07/2004 22:00:41 ... WinRAR ----= WinRAR
09/08/2004 20:01:27 ... WinZip ----= WinZip
01/01/2003 14:51:47 ... xerox -----= xerox
17/09/2004 19:06:05 ... Yahoo! ----= Yahoo!


___________________________________________________________________________

=> Clés registre


___________________________________________________________________________

=> Bloqueur popups Internet Explorer

+- Liste des popups autorisés :

zonenxt.msn-int.com
zonenxt.msn-ppe.com
zone.msn.com
PopupMgr

___________________________________________________________________________

/!\  Suggestion (Nécessite une interprétation.)

+- Dossiers suspects :

C:\Documents and Settings\All Users\Application Data\Ping phone blue burn
C:\Documents and Settings\All Users\Application Data\rule book tons proxy
C:\Documents and Settings\Propriétaire\Application Data\seekkeep
C:\Program Files\Hold
C:\Program Files\Holdkeep
C:\Program Files\seekkeep
C:\Program Files\TestKeepSeek
C:\Program Files\Adverts

+- Tâches planifiées suspectes :

C:\WINDOWS\tasks\AE14A10B919F53D7.job



- Fin du rapport -

Matt0013 (Member, 117 posts)

Here is the Lopxp report:

Rapport Lopxp fait le 18/01/2008 à 1:04:51
Exécuté dans : C:\Program Files\Lopxp


___________________________________________________________________________

=> Tâches planifiées

C:\WINDOWS\tasks\AE14A10B919F53D7.job
Crée le : 26/11/2004 à 23:05
Fichier exécuté => c:\docume~1\propri~1\applic~1\settin~1\camp rdr rect.exe

C:\WINDOWS\tasks\AE5713BA9188845A.job
Crée le : 28/09/2004 à 06:51
Fichier exécuté => c:\progra~1\settin~1\camp rdr rect.exe

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Crée le : 02/10/2006 à 17:22
Fichier exécuté => C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task


___________________________________________________________________________

=> Listing des dossiers Application Data

+- C:\Documents and Settings\Administrateur\Application Data

12/01/2001 01:45:23 ... Adobe -----= Adobe
12/01/2001 01:45:23 ... IDENTI~1 --= Identities
12/01/2001 01:45:23 ... INTERT~1 --= InterTrust
12/01/2001 01:45:23 ... MICROS~1 --= Microsoft
12/01/2001 01:45:23 ... SAMPLE~1 --= SampleView
12/01/2001 01:45:23 ... Sonic -----= Sonic
12/01/2001 01:45:23 ... Symantec --= Symantec

+- C:\Documents and Settings\Administrateur\Local Settings\Application Data

12/01/2001 01:45:23 ... APPLIC~1 --= ApplicationHistory
12/01/2001 01:45:22 ... MICROS~1 --= Microsoft

+- C:\Documents and Settings\All Users\Application Data

20/03/2001 14:56:54 ... AGEOFE~1 --= Age of Empires 3
24/08/2007 18:08:12 ... Apple -----= Apple
04/09/2004 18:58:11 ... APPLEC~1 --= Apple Computer
04/11/2006 17:02:02 ... Google ----= Google
16/01/2008 23:06:15 ... Grisoft ---= Grisoft
01/01/2003 16:12:15 ... HEWLET~1 --= Hewlett-Packard
01/01/2003 16:41:13 ... INTERV~1 --= InterVideo
20/07/2006 18:31:08 ... MESSEN~1 --= Messenger Plus!
01/01/2003 14:40:45 ... MICROS~1 --= Microsoft
25/12/2003 11:43:14 ... MSN6 ------= MSN6
05/02/2006 13:50:52 ... NVIEW_~1 --= nView_Profiles
25/07/2004 23:14:22 ... PINGPH~1 --= Ping phone blue burn
10/09/2004 18:38:33 ... PIXELS~1 --= pixelStorm
04/09/2004 18:58:20 ... QUICKT~1 --= QuickTime
26/11/2004 07:59:17 ... RULEBO~1 --= rule book tons proxy
01/01/2003 14:58:15 ... SBSI ------= SBSI
11/01/2006 21:17:38 ... SONYER~1 --= Sony Ericsson
30/12/2004 19:51:15 ... SPYBOT~1 --= Spybot - Search & Destroy
01/01/2003 23:39:43 ... Symantec --= Symantec
30/12/2003 19:08:43 ... UDL -------= UDL
16/01/2008 21:53:48 ... WLINST~1 --= WLInstaller
17/01/2008 12:56:32 ... YAHOO!~1 --= Yahoo! Companion

___________________________________________________________________________

=> Listing du dossier ProgramFiles

+- C:\Program Files

30/12/2003 19:07:52 ... ABBYYF~1.0SP --= ABBYY FineReader 5.0 Sprint
27/12/2003 19:40:00 ... ACTIVI~1 --= Activision
01/01/2005 17:48:45 ... ADMILL~1 --= Admilli Service
01/01/2003 16:42:26 ... Adobe -----= Adobe
07/12/2006 23:06:56 ... Adverts ---= Adverts
10/10/2007 14:51:41 ... AeRO ------= AeRO
11/02/2001 13:57:53 ... AGORAO~1 --= AgoraOnline
03/07/2004 22:26:06 ... Ahead -----= Ahead
07/01/2004 14:01:38 ... Aiptek ----= Aiptek
11/09/2006 21:17:57 ... ALWILS~1 --= Alwil Software
24/08/2007 18:08:43 ... APPLES~1 --= Apple Software Update
09/11/2006 07:39:47 ... ARCADY~1 --= ArcadyaOnline
24/12/2003 18:34:09 ... ArcSoft ---= ArcSoft
12/02/2006 22:42:34 ... Azureus ---= Azureus
29/07/2005 11:54:52 ... BitComet --= BitComet
18/06/2001 13:21:41 ... BITTOR~1 --= BitTornado
17/01/2008 20:00:17 ... CCleaner --= CCleaner
28/06/2004 17:58:27 ... COMMON~1 --= Common Files
01/01/2003 14:47:16 ... COMPLU~1 --= ComPlus Applications
11/02/2004 22:16:27 ... Creative --= Creative
10/01/2004 20:36:09 ... directx ---= directx
05/07/2004 23:50:48 ... DivX ------= DivX
15/01/2008 17:11:40 ... Dot1XCfg --= Dot1XCfg
01/01/2003 16:52:00 ... EASYIN~1 --= Easy Internet signup
06/05/2004 20:49:57 ... Eidos -----= Eidos
27/06/2004 12:35:49 ... eMule -----= eMule
30/12/2003 19:02:52 ... EPSON -----= EPSON
01/01/2003 14:41:25 ... FICHIE~1 --= Fichiers communs
08/08/2004 00:13:08 ... FIREFL~1 --= FireFly Studios
08/08/2004 00:16:38 ... GAMESP~1 --= GameSpy Arcade
11/08/2004 00:26:51 ... Google ----= Google
02/01/2007 18:46:25 ... Gpotato ---= Gpotato
10/01/2001 22:18:01 ... Gravity ---= Gravity
16/01/2008 23:06:08 ... Grisoft ---= Grisoft
05/11/2006 20:12:25 ... GUITAR~1 --= Guitar Pro 5
13/08/2007 15:37:44 ... HELIOP~1 --= Heliopolis
01/01/2003 15:58:37 ... HEWLET~1 --= Hewlett-Packard
07/07/2004 09:18:46 ... Hold ------= Hold
07/07/2004 09:16:03 ... Holdkeep --= Holdkeep
01/01/2003 16:05:29 ... HP --------= HP
11/01/2001 22:40:56 ... HLIOPO~1 --= Héliopolis
30/09/2004 18:56:52 ... iMesh -----= iMesh
01/01/2003 16:34:38 ... INSTAL~1 --= InstallShield Installation Information
01/01/2003 14:47:39 ... INTERN~1 --= Internet Explorer
01/01/2003 16:34:38 ... INTERV~1 --= InterVideo
21/06/2004 22:55:06 ... Inventel --= Inventel
07/09/2004 18:50:56 ... iPod ------= iPod
24/08/2007 18:11:18 ... iTunes ----= iTunes
01/01/2003 17:00:31 ... Java ------= Java
27/08/2007 02:41:32 ... Karma -----= Karma
13/09/2006 16:52:32 ... KASPER~1 --= Kaspersky Lab
02/12/2004 22:10:30 ... Lavasoft --= Lavasoft
05/06/2006 13:13:40 ... LimeWire --= LimeWire
25/12/2003 11:28:59 ... Logitech --= Logitech
18/01/2008 01:04:18 ... Lopxp -----= Lopxp
05/07/2004 13:04:21 ... Lycos -----= Lycos
01/01/2003 14:46:04 ... MESSEN~1 --= Messenger
27/06/2004 15:42:30 ... MESSEN~2 --= Messenger Plus! 3
20/07/2006 17:05:39 ... MESSEN~3 --= Messenger Plus! Live
01/01/2003 16:17:15 ... MI2493~1 --= Microsoft AutoRoute
01/01/2003 16:18:21 ... MIF408~1 --= Microsoft Encarta
01/01/2003 14:51:47 ... MICROS~1 --= microsoft frontpage
25/12/2003 09:41:40 ... MI9A48~1 --= Microsoft Games
01/01/2003 16:16:45 ... MICAC0~1 --= Microsoft Money
01/01/2003 16:14:25 ... MICROS~4 --= Microsoft Office
01/01/2003 16:17:37 ... MI7D6A~1 --= Microsoft Picture It! 7
01/01/2003 16:12:51 ... MICROS~3 --= Microsoft Works
01/01/2003 16:12:15 ... MICROS~2 --= Microsoft Works Suite 2003
04/06/2001 12:34:32 ... MIDGAR~1 --= Midgard's Destiny
01/01/2003 14:47:47 ... MOVIEM~1 --= Movie Maker
05/02/2006 19:11:57 ... MOZILL~1 --= Mozilla Firefox
01/01/2003 14:45:42 ... MSN -------= MSN
31/07/2004 00:42:47 ... MSNAPP~1 --= MSN Apps
01/01/2003 14:46:02 ... MSNGAM~1 --= MSN Gaming Zone
03/07/2004 17:43:32 ... MSNMES~1 --= MSN Messenger
25/08/2007 03:06:31 ... MSXML4~1.0 --= MSXML 4.0
24/12/2003 18:32:42 ... MULTIM~1 --= Multimedia Card Reader
23/09/2004 16:59:29 ... MUSICA~1 --= Musicalis
19/04/2006 15:54:14 ... MUSICM~1 --= MUSICMATCH
01/01/2003 14:47:43 ... NETMEE~1 --= NetMeeting
17/03/2004 14:17:33 ... NORTON~2 --= Norton Personal Firewall
12/08/2007 19:13:49 ... OLITEC~1 --= OLITEC SA
01/01/2003 14:47:42 ... OUTLOO~1 --= Outlook Express
14/11/2004 13:37:54 ... Piolet ----= Piolet
24/08/2007 18:09:54 ... QUICKT~1 --= QuickTime
08/11/2007 07:42:00 ... RAGNAR~1 --= Ragnarok Online Factions
01/01/2003 16:32:54 ... RECORD~1 --= RecordNow!
28/10/2007 19:36:04 ... REIGNO~1 --= Reign Of Midgard
07/12/2006 23:07:32 ... seekkeep --= seekkeep
01/01/2003 14:46:14 ... SERVIC~1 --= Services en ligne
05/12/2007 08:53:15 ... SIMPLY~1 --= Simply RO
30/12/2003 19:04:56 ... SMARTP~1 --= Smart Panel
12/01/2001 00:17:33 ... SOMBRE~1 --= Sombre-Lune Online
11/01/2006 21:17:38 ... SONYER~1 --= Sony Ericsson
30/12/2004 19:51:13 ... SPYBOT~1 --= Spybot - Search & Destroy
01/01/2003 23:39:42 ... Symantec --= Symantec
18/10/2007 16:59:11 ... TALESO~1 --= Tales of Pirates Online
30/04/2006 20:06:03 ... TEAMSP~1 --= Teamspeak2_RC2
08/07/2004 18:02:46 ... TESTKE~1 --= TestKeepSeek
11/10/2006 17:06:04 ... TIEDUC~1 --= TI Education
03/11/2004 18:16:50 ... TRANSP~1 --= Transport Giant
21/06/2007 00:38:15 ... TWILIG~1 --= Twilight Angel
25/12/2003 10:55:06 ... UBISOFT ---= UBISOFT
07/01/2004 13:56:40 ... ULEADS~1 --= Ulead Systems
01/01/2003 14:56:18 ... UNINST~1 --= Uninstall Information
23/11/2007 18:23:23 ... VEOHNE~1 --= Veoh Networks
29/12/2003 20:27:34 ... Wanadoo ---= Wanadoo
18/06/2007 17:20:27 ... WINDOW~4 --= Windows Live
01/01/2003 14:46:13 ... WINDOW~2 --= Windows Media Player
01/01/2003 14:45:42 ... WINDOW~1 --= Windows NT
01/01/2003 14:46:14 ... WINDOW~3 --= WindowsUpdate
03/07/2004 22:00:41 ... WinRAR ----= WinRAR
09/08/2004 20:01:27 ... WinZip ----= WinZip
01/01/2003 14:51:47 ... xerox -----= xerox
17/09/2004 19:06:05 ... Yahoo! ----= Yahoo!


___________________________________________________________________________

=> Clés registre


___________________________________________________________________________

=> Bloqueur popups Internet Explorer

+- Liste des popups autorisés :

zonenxt.msn-int.com
zonenxt.msn-ppe.com
zone.msn.com
PopupMgr

___________________________________________________________________________

/!\ Suggestion (Nécessite une interprétation.)

+- Dossiers suspects :

C:\Documents and Settings\All Users\Application Data\Ping phone blue burn
C:\Documents and Settings\All Users\Application Data\rule book tons proxy
C:\Documents and Settings\Propriétaire\Application Data\seekkeep
C:\Program Files\Hold
C:\Program Files\Holdkeep
C:\Program Files\seekkeep
C:\Program Files\TestKeepSeek
C:\Program Files\Adverts

+- Tâches planifiées suspectes :

C:\WINDOWS\tasks\AE14A10B919F53D7.job




- Fin du rapport -

As for 2), I found nothing.

Matt0013 (Member, 117 posts)

What else should I do?

Lyonnais92 (Security contributor, 25159 posts)

Hi again,

Double-click OTMoveIt.exe to launch it.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

C:\Documents and Settings\All Users\Application Data\Ping phone blue burn
C:\Documents and Settings\All Users\Application Data\rule book tons proxy
C:\Documents and Settings\Propriétaire\Application Data\seekkeep
C:\Program Files\Hold
C:\Program Files\Holdkeep
C:\Program Files\seekkeep
C:\Program Files\TestKeepSeek
C:\Program Files\Adverts
C:\WINDOWS\tasks\AE14A10B919F53D7.job
C:\WINDOWS\tasks\AE5713BA9188845A.job


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.

I'll look at the result during the day.

Matt0013 (Member, 117 posts)

Here is the MoveIt report:

C:\Documents and Settings\All Users\Application Data\Ping phone blue burn moved successfully.
C:\Documents and Settings\All Users\Application Data\rule book tons proxy moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\seekkeep moved successfully.
C:\Program Files\Hold moved successfully.
C:\Program Files\Holdkeep moved successfully.
C:\Program Files\seekkeep moved successfully.
C:\Program Files\TestKeepSeek moved successfully.
C:\Program Files\Adverts moved successfully.
C:\WINDOWS\tasks\AE14A10B919F53D7.job moved successfully.
C:\WINDOWS\tasks\AE5713BA9188845A.job moved successfully.

Created on 01/18/2008 01:34:32

Lyonnais92 (Security contributor, 25159 posts)

Hi again,

Post a new HijackThis report.

Matt0013 (Member, 117 posts)

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:45:08, on 18/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Propriétaire\Bureau\test.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX6400" /O6 "USB001" /M "Stylus CX6400"
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [zkmtgi] C:\Documents and Settings\Propriétaire\zkmtgi.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Aéris online.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C39B6EC-D035-49CC-9F72-7A00FA1F47AE}: NameServer = 192.168.0.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06C9A92-1D82-4EDA-A96C-1D1220AD3C2A}: NameServer = 192.168.0.250
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Matt0013 (Member, 117 posts)

What should I do =)?