Probleme virus msn
Résolu
pierre888
Messages postés
250
Date d'inscription
Statut
Membre
Dernière intervention
-
pierre888 Messages postés 250 Date d'inscription Statut Membre Dernière intervention -
pierre888 Messages postés 250 Date d'inscription Statut Membre Dernière intervention -
Bonjour,
bonjour a tous
voila j'ai un problème avec msn j'ai acepte sans reflechir un fichier contenant une soit disant photo de moi qui vene de mon frère :s
j'ai tente de le supprime mes j'y arrive pas
j'ai fait un scan avec avast en mode sans echec et j'ai aussi utilise msn fixe mes rien :s
voici le rapport
MSNFix 1.700
D:\Documents and Settings\clement\Bureau\MSNFix\MSNFix
Fix exécuté le 06/04/2008 - 16:16:09,57 By clement
mode normal
************************ Recherche les fichiers présents
... D:\WINDOWS\system32\%%%.exe
... D:\WINDOWS\system32\%%%.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... D:\WINDOWS\system32\%.exe
.. OK ... D:\WINDOWS\system32\%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
.. OK ... D:\WINDOWS\system32\%.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06042008_16361681.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%.exe
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
merci d'avance pr toutes vos reponse
pierre:)))
bonjour a tous
voila j'ai un problème avec msn j'ai acepte sans reflechir un fichier contenant une soit disant photo de moi qui vene de mon frère :s
j'ai tente de le supprime mes j'y arrive pas
j'ai fait un scan avec avast en mode sans echec et j'ai aussi utilise msn fixe mes rien :s
voici le rapport
MSNFix 1.700
D:\Documents and Settings\clement\Bureau\MSNFix\MSNFix
Fix exécuté le 06/04/2008 - 16:16:09,57 By clement
mode normal
************************ Recherche les fichiers présents
... D:\WINDOWS\system32\%%%.exe
... D:\WINDOWS\system32\%%%.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... D:\WINDOWS\system32\%.exe
.. OK ... D:\WINDOWS\system32\%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
.. OK ... D:\WINDOWS\system32\%.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 06042008_16361681.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%.exe
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
merci d'avance pr toutes vos reponse
pierre:)))
A voir également:
- Probleme virus msn
- Virus mcafee - Accueil - Piratage
- Telecharger msn - Télécharger - Messagerie
- Msn explorer - Télécharger - Divers Web & Internet
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
25 réponses
Bonjour/Bonsoir
• Ne pas surfer ailleurs que sur le site
• Couper MSN ou tout autre connexion hormis celle sur le site
• Appliquer exactement et dans l'ordre les procédures indiquées.
• Au cas ou plusieurs intervenants se manifestent, en choisir un et un seul.
• Rester devant la machine en rafraichissant souvent le forum pour voir les nouvelles réponses.
• Répondre sans attendre à toutes les questions posées dans l'ordre ou elles ont étés posées
• Etre précis dans les réponses. Ne s'en tenir qu'au sujet et rien qu'au sujet.
• A proscrire : le language SMS.
• Ne pas quitter tant qu'il n'est pas dit explicitement que le problème est résolu ou qu'il dépasse les compétences de celui ou ceux qui vous aident.
• Ne pas ouvrir plusieurs discussions sur le même sujet sauf si on vous le demande (Problème non résolu. Ca arrive)
• Ne pas s'impatienter. L'analyse d'un rapport et la recherche de solutions appropriées prends un certain temps. Inutile donc de reposter le même message. Nous ne vous oublions pas, nous vous cherchons une solution
• Ne pas oublier : nous sommes bénévoles. Nous mangeons, nous dormons, nous travaillons, nous avons une vie de famille aussi.
• Les procédures qui vont suivre, bien que largement éprouvées, sont mises en oeuvre aux risques et périls du possesseur de la machine.
Préparation de la machine
• Vider la corbeille
• Fermer toutes les applications
================ PareFeu XP - Vista ===================
• Si un autre pare-feu que celui de windows est installé, vérifier qu'il est actif et passer à l'étape CCleaner
• Sinon
pour activer/désactiver le Pare-feu Vista
pour activer/désactiver le Pare-feu Xp le Pare-feu Vista
• Activer le pare-Feu si ce n'est déjà fait
===================== CCLEANER ========================
Pour le petit coup de polish.
• Appliquer la procédure ci-dessous.
• l'outil pourra être conservé pour faire le ménage de temps en temps en appliquant la même procédure.
• Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo.
• Fermer toutes les applications
• Lancer CCLeaner
S'il n'est pas en Français cliquer sur Options, Setting, Language et sélectionner Français
• cocher dans le menu Nettoyeur - onglet Windows :
Internet Explorer: Fichiers Internet Temporaires, Cookies
• Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers
• Avancé: Vieilles données du Prefetch
• Décocher dans le menu Options - sous-menu Avancé :
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures
• Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java
• Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications :
Firefox/Mozilla: Cache Internet, Cookies
• Click sur Analyse
• Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur.
• Click sur Registre
• Sélectionner tout
• Click sur Chercher des erreurs (En bas)
Une fois le scan terminé sélectionner tout
• Click sur Réparer les erreurs sélectionnées
==================== HIJACKTHIS ======================
HijackThis
• Télécharger HijackThis
• Installer HijackThis en se laissant guider (Accepter le répertoire proposé sans rien changer)
• Fermer HijackThis
• Télécharger sur le bureau HJTNew (Si le Pare-Feu ou l'Anti-virus se manifeste, Ignorer)
• Fermer toutes les applications
• Se débrancher d'Internet (Enlever le cable, c'est encore la meilleure solution)
• Lancer HJTNew.exe (Si le Pare-Feu ou l'Anti-virus se manifeste, Ignorer)
Ne pas s'étonner pour HJTNew, rien ne s'affiche, juste une fenêtre qui s'ouvre et se ferme aussitôt. C'est normal.
• Click sur Do a system scan and save a logfile
• Copier/Coller le rapport dans le prochain message
• Supprimer HJTNew.exe (sinon l'Anti-virus risque de se manifester souvent) puis
• Attendre les instructions
re bonsoir merci booddha de bien vouloir m'aide voila dsl j'ai mis un peut de temps a repondre je pense pas avoir une reponse aussi vite maintenant je suis la pas de probleme :)))
voici le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:58, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv2\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
voici le rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:58, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv2\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
===================== MSNFix ========================
• Télécharger MSNFix.zip (de !aur3n7 et Regis59) sur le bureau :
Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour.
Remarque: Il est possible que l'antivirus détécte un virus au téléchargement,
il s'agit de Process.exe qui est un faux positif.
• Décompresser (clic droit : Extraire ici).
• A la racine du système, déplace le dossier décompressé, comme suit : C:\MSNFix.
• L'ouvrir et double click sur le fichier MSNFix.bat. (Sous Vista l'ouvrir en tant qu'administrateur)
• Exécutez l'option R.
• Patienter le temps nécessaire
• Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
• Patienter le temps nécessaire, le nettoyage peut, en fonction des performances ou du nombre d'infections, prendre un certain temps
• A la fin du scan,un message peut vous inviter à redémarrer l'ordinateur.C'est impératif pour terminer le nettoyage, si vous tardez à le faire l'infection pourrait se réinstaller d'elle même dans le système.'
• Sauvegarder ce rapport puis en faire un copier/coller sur le forum.
• Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
• Copier/Coller le rapport dans la prochaine réponse.
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
Je vais me coucher
• Télécharger MSNFix.zip (de !aur3n7 et Regis59) sur le bureau :
Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour.
Remarque: Il est possible que l'antivirus détécte un virus au téléchargement,
il s'agit de Process.exe qui est un faux positif.
• Décompresser (clic droit : Extraire ici).
• A la racine du système, déplace le dossier décompressé, comme suit : C:\MSNFix.
• L'ouvrir et double click sur le fichier MSNFix.bat. (Sous Vista l'ouvrir en tant qu'administrateur)
• Exécutez l'option R.
• Patienter le temps nécessaire
• Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
• Patienter le temps nécessaire, le nettoyage peut, en fonction des performances ou du nombre d'infections, prendre un certain temps
• A la fin du scan,un message peut vous inviter à redémarrer l'ordinateur.C'est impératif pour terminer le nettoyage, si vous tardez à le faire l'infection pourrait se réinstaller d'elle même dans le système.'
• Sauvegarder ce rapport puis en faire un copier/coller sur le forum.
• Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
• Copier/Coller le rapport dans la prochaine réponse.
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
Je vais me coucher
re bonjour voici le rapport
MSNFix 1.700
D:\MSNFix
Fix exécuté le 07/04/2008 - 5:08:34,25 By clement
mode normal
************************ Recherche les fichiers présents
... D:\WINDOWS\system32\%%%.exe
... D:\WINDOWS\system32\%%%.exe
... D:\WINDOWS\mrofinu*.exe
... D:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... D:\WINDOWS\system32\%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
.. OK ... D:\WINDOWS\mrofinu*.exe
.. OK ... D:\WINDOWS\mrofinu*.exe.tmp
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... D:\WINDOWS\system32\real.txt
.. OK ... D:\WINDOWS\system32\%.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 07042008_ 5123489.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%.exe
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
avast me la detecte au redemarage y me dit qu'un trojan ou cheuval de trois et present sur mon pc
"win32:-jmh[trj]"mes pas moyen de le mettre en quarantaine ni de le suprime :s
MSNFix 1.700
D:\MSNFix
Fix exécuté le 07/04/2008 - 5:08:34,25 By clement
mode normal
************************ Recherche les fichiers présents
... D:\WINDOWS\system32\%%%.exe
... D:\WINDOWS\system32\%%%.exe
... D:\WINDOWS\mrofinu*.exe
... D:\WINDOWS\mrofinu*.exe.tmp
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... D:\WINDOWS\system32\%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
/!\ ... D:\WINDOWS\system32\%%%.exe
.. OK ... D:\WINDOWS\mrofinu*.exe
.. OK ... D:\WINDOWS\mrofinu*.exe.tmp
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... D:\WINDOWS\system32\real.txt
.. OK ... D:\WINDOWS\system32\%.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 07042008_ 5123489.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%.exe
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
avast me la detecte au redemarage y me dit qu'un trojan ou cheuval de trois et present sur mon pc
"win32:-jmh[trj]"mes pas moyen de le mettre en quarantaine ni de le suprime :s
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voici le rapport de hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33:05, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33:05, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
+ccl
+HJT
+MSNFIX
SDFix
------------------------- Ne pas tenir compte des lignes ci-dessus
======================== SDFIX ========================
• Télécharger SDFix sur le bureau
• Double-Click sur le fichier SDFix.EXE et se laisser guider pour l'installation
• Le programme s'installe dans le répertoire C:\SDFix
Il est indispensable d'effectuer le nettoyage avec SDFix en mode sans échec.
------
• Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
• Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
• Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
• Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
• Une fois en mode sans échec, cliquer sur le menu Démarrer puis Exécuter et coller la commande suivant : C:\SDFix\RunThis.bat
• Taper Y puis appuyer sur la touche Entrée du clavier, afin de lancer le nettoyage !
• SDFix va procéder au nettoyage, patience...cela peut durer une trentaine de minutes
• Une fenêtre indique que SDFix doit redémarrer l'ordinateur afin de terminer le nettoyage.
-------
• Appuyer sur une touche du clavier pour redémarrer le PC.
• Au redémarrage du PC, SDFix indique que le nettoyage est terminé.
• Appuyer sur une touche du clavier afin d'ouvrir le rapport créé par SDFix.
• Il peut être enregistré si besoin, par exemple si on demande de le poster sur un forum (menu Edition / Enregistrer sous).
• Sans quoi le rapport sera quand même sauvegardé dans le fichier suivant : Report.txt
dans le dossier SDFix (ex : C:\SDFix\Report.txt). + un nouveau rapport HiJackThis
+HJT
+MSNFIX
SDFix
------------------------- Ne pas tenir compte des lignes ci-dessus
======================== SDFIX ========================
• Télécharger SDFix sur le bureau
• Double-Click sur le fichier SDFix.EXE et se laisser guider pour l'installation
• Le programme s'installe dans le répertoire C:\SDFix
Il est indispensable d'effectuer le nettoyage avec SDFix en mode sans échec.
------
• Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
• Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
• Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
• Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
• Une fois en mode sans échec, cliquer sur le menu Démarrer puis Exécuter et coller la commande suivant : C:\SDFix\RunThis.bat
• Taper Y puis appuyer sur la touche Entrée du clavier, afin de lancer le nettoyage !
• SDFix va procéder au nettoyage, patience...cela peut durer une trentaine de minutes
• Une fenêtre indique que SDFix doit redémarrer l'ordinateur afin de terminer le nettoyage.
-------
• Appuyer sur une touche du clavier pour redémarrer le PC.
• Au redémarrage du PC, SDFix indique que le nettoyage est terminé.
• Appuyer sur une touche du clavier afin d'ouvrir le rapport créé par SDFix.
• Il peut être enregistré si besoin, par exemple si on demande de le poster sur un forum (menu Edition / Enregistrer sous).
• Sans quoi le rapport sera quand même sauvegardé dans le fichier suivant : Report.txt
dans le dossier SDFix (ex : C:\SDFix\Report.txt). + un nouveau rapport HiJackThis
voici le rapport de sdfix
[b]SDFix: Version 1.167 [/b]
Run by clement on 07/04/2008 at 07:55
Microsoft Windows XP [version 5.1.2600]
Running From: D:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
D:\WINDOWS\system32\real.txt - Deleted
Could Not Remove D:\WINDOWS\system32\%%%.exe
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 08:04:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [1512]
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7AD87D32-4219-4107-57E8-4AFDD2ED771D}]
"paagamekpghejfacaimfenmbgpiobkoe"=hex:6a,61,6d,6f,6a,63,66,64,6e,61,6d,64,68,70,65,6b,6a,68,66,70,00,..
"oakgkgljafonahmiioldnlnkmchafi"=hex:6a,61,6d,6f,6a,63,66,64,6e,61,6d,64,68,70,65,6b,6a,68,66,70,00,..
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 15
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\chatserv9\\chatserv.exe"="C:\\chatserv9\\chatserv.exe:*:Enabled:chatserv"
"C:\\chatserv4\\chatserv.exe"="C:\\chatserv4\\chatserv.exe:*:Enabled:chatserv"
"C:\\chatserv2\\chatserv.exe"="C:\\chatserv2\\chatserv.exe:*:Enabled:chatserv"
"C:\\chat.scania\\chat.exe"="C:\\chat.scania\\chat.exe:*:Enabled:chat"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"="D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"C:\\chatserv6\\chatserv.exe"="C:\\chatserv6\\chatserv.exe:*:Enabled:chatserv"
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="D:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"D:\\chat.scan\\chat.exe"="D:\\chat.scan\\chat.exe:*:Enabled:chat"
"D:\\chat.scania\\chat.exe"="D:\\chat.scania\\chat.exe:*:Enabled:chat"
"D:\\Program Files\\eChanblard\\emule.exe"="D:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"D:\\Program Files\\Morpheus\\Morpheus.exe"="D:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"="D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe:*:Enabled:VirtualBox"
"C:\\chatserv_bleu\\chatserv.exe"="C:\\chatserv_bleu\\chatserv.exe:*:Enabled:chatserv"
"D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"="D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"D:\\chatserv\\chatserv.exe"="D:\\chatserv\\chatserv.exe:*:Enabled:chatserv"
"D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"="D:\\Program Files\\FileZilla FTP Client\\filezilla.exe:*:Enabled:FileZilla FTP Client"
"D:\\Program Files\\TribalWeb\\tribalweb.exe"="D:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
"D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"="D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe:*:Enabled:Yooda SeeUrank"
"D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"D:\\WINDOWS\\system32\\%%%.exe"="D:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
D:\WINDOWS\system32\%%%.exe Found
File Backups: - D:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 5 Jun 2003 24,576 A..H. --- "D:\Program Files\RamBoost XP\StopRam.exe"
Mon 11 Feb 2008 88 ..SHR --- "D:\WINDOWS\system32\71FC339969.sys"
Mon 11 Feb 2008 3,452 A.SH. --- "D:\WINDOWS\system32\KGyGaAvL.sys"
Sun 23 Mar 2008 1,122,304 ...H. --- "D:\WINDOWS\system32\wodfamop.dll"
Wed 13 Feb 2008 13 ...H. --- "D:\Documents and Settings\All Users\Application Data\1ޝ13.sys"
Sun 27 Jan 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\17e3f23ff72184333b78d75c8e81cda8\download\BITA3.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\27efdbd68a382580fdb15dd4f797360e\download\BITAA.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\29f6d57cd4efa945b402cdec2ffedddf\download\BITA5.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\42526a992b20eef1df8750beb4f78f35\download\BITA8.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BITB1.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\4cabbc33d9fa3ea879d2330766ba6ff1\download\BITA9.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\598b3ea05d3c2f275520ea46f80fb98d\download\BITA4.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\5d24ad19cee78bba662249a4deccb260\download\BITA7.tmp"
Sat 12 Jan 2008 838,420 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\79dfe016119d9f9104f7a081382c2de7\download\BIT9D.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7d67df8d2fa218514bbe5a22ae12a9b3\download\BITAE.tmp"
Sat 12 Jan 2008 5,375,291 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\90eded57e7780b832eed3339a922a322\download\BIT81.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\download\BITA6.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\download\BITA1.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\bfd81cbd42e5265d12677c96600c0804\download\BIT9E.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BITAD.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\cbee9c95b55c0a7f59376a89c9a3d3c1\download\BITA2.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d3d59acde4bc99f07df90298fa402c77\download\BITAF.tmp"
Sat 12 Jan 2008 8,536,737 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d58f7a46215418e5cd2283eb289472c2\download\BIT66.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d8cfedd5cfd3f0881276825d82978e5d\download\BITA0.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\download\BIT9F.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\f32bfa5d1049b53eae766f9d37379ea6\download\BITB0.tmp"
[b]Finished![/b]
[b]SDFix: Version 1.167 [/b]
Run by clement on 07/04/2008 at 07:55
Microsoft Windows XP [version 5.1.2600]
Running From: D:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
D:\WINDOWS\system32\real.txt - Deleted
Could Not Remove D:\WINDOWS\system32\%%%.exe
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 08:04:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [1512]
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7AD87D32-4219-4107-57E8-4AFDD2ED771D}]
"paagamekpghejfacaimfenmbgpiobkoe"=hex:6a,61,6d,6f,6a,63,66,64,6e,61,6d,64,68,70,65,6b,6a,68,66,70,00,..
"oakgkgljafonahmiioldnlnkmchafi"=hex:6a,61,6d,6f,6a,63,66,64,6e,61,6d,64,68,70,65,6b,6a,68,66,70,00,..
scanning hidden files ...
scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 15
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\chatserv9\\chatserv.exe"="C:\\chatserv9\\chatserv.exe:*:Enabled:chatserv"
"C:\\chatserv4\\chatserv.exe"="C:\\chatserv4\\chatserv.exe:*:Enabled:chatserv"
"C:\\chatserv2\\chatserv.exe"="C:\\chatserv2\\chatserv.exe:*:Enabled:chatserv"
"C:\\chat.scania\\chat.exe"="C:\\chat.scania\\chat.exe:*:Enabled:chat"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"="D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe:*:Enabled:Programme d'installation de Kaspersky Anti-Virus 7.0"
"C:\\chatserv6\\chatserv.exe"="C:\\chatserv6\\chatserv.exe:*:Enabled:chatserv"
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="D:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"D:\\chat.scan\\chat.exe"="D:\\chat.scan\\chat.exe:*:Enabled:chat"
"D:\\chat.scania\\chat.exe"="D:\\chat.scania\\chat.exe:*:Enabled:chat"
"D:\\Program Files\\eChanblard\\emule.exe"="D:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"D:\\Program Files\\Morpheus\\Morpheus.exe"="D:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"="D:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"="D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"="D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe:*:Enabled:VirtualBox"
"C:\\chatserv_bleu\\chatserv.exe"="C:\\chatserv_bleu\\chatserv.exe:*:Enabled:chatserv"
"D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"="D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
"D:\\chatserv\\chatserv.exe"="D:\\chatserv\\chatserv.exe:*:Enabled:chatserv"
"D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"="D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"="D:\\Program Files\\FileZilla FTP Client\\filezilla.exe:*:Enabled:FileZilla FTP Client"
"D:\\Program Files\\TribalWeb\\tribalweb.exe"="D:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
"D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"="D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe:*:Enabled:Yooda SeeUrank"
"D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Documents and Settings\\clement\\Bureau\\ravenswood-js1.0.12.1\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe"="D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="D:\\Documents and Settings\\clement\\Bureau\\Baobab-0.9\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"D:\\WINDOWS\\system32\\%%%.exe"="D:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
D:\WINDOWS\system32\%%%.exe Found
File Backups: - D:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 5 Jun 2003 24,576 A..H. --- "D:\Program Files\RamBoost XP\StopRam.exe"
Mon 11 Feb 2008 88 ..SHR --- "D:\WINDOWS\system32\71FC339969.sys"
Mon 11 Feb 2008 3,452 A.SH. --- "D:\WINDOWS\system32\KGyGaAvL.sys"
Sun 23 Mar 2008 1,122,304 ...H. --- "D:\WINDOWS\system32\wodfamop.dll"
Wed 13 Feb 2008 13 ...H. --- "D:\Documents and Settings\All Users\Application Data\1ޝ13.sys"
Sun 27 Jan 2008 0 A.SH. --- "D:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\17e3f23ff72184333b78d75c8e81cda8\download\BITA3.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\27efdbd68a382580fdb15dd4f797360e\download\BITAA.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\29f6d57cd4efa945b402cdec2ffedddf\download\BITA5.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\42526a992b20eef1df8750beb4f78f35\download\BITA8.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BITB1.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\4cabbc33d9fa3ea879d2330766ba6ff1\download\BITA9.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\598b3ea05d3c2f275520ea46f80fb98d\download\BITA4.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\5d24ad19cee78bba662249a4deccb260\download\BITA7.tmp"
Sat 12 Jan 2008 838,420 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\79dfe016119d9f9104f7a081382c2de7\download\BIT9D.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7d67df8d2fa218514bbe5a22ae12a9b3\download\BITAE.tmp"
Sat 12 Jan 2008 5,375,291 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\90eded57e7780b832eed3339a922a322\download\BIT81.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\download\BITA6.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\download\BITA1.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\bfd81cbd42e5265d12677c96600c0804\download\BIT9E.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BITAD.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\cbee9c95b55c0a7f59376a89c9a3d3c1\download\BITA2.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d3d59acde4bc99f07df90298fa402c77\download\BITAF.tmp"
Sat 12 Jan 2008 8,536,737 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d58f7a46215418e5cd2283eb289472c2\download\BIT66.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\d8cfedd5cfd3f0881276825d82978e5d\download\BITA0.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\download\BIT9F.tmp"
Sat 12 Jan 2008 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\f32bfa5d1049b53eae766f9d37379ea6\download\BITB0.tmp"
[b]Finished![/b]
+ccl
+HJT
+-MSNFIX
+SDFix
MalwaresBytes
------------------------- Ne pas tenir compte des lignes ci-dessus
Il y en a qui font de la résistance
================== MalwareBytes =====================
Telecharger MalwareBytes
Le Tutorial
Attention à ce que l'option Perform Full Scan soit cochée
Ne pas oublier de supprimer tout ce que MalwaresByte trouve. Bouton Remove Selected après avoir tout sélectionné
Poster le rapport et un nouveau rapport HiJackThis
+HJT
+-MSNFIX
+SDFix
MalwaresBytes
------------------------- Ne pas tenir compte des lignes ci-dessus
Il y en a qui font de la résistance
================== MalwareBytes =====================
Telecharger MalwareBytes
Le Tutorial
Attention à ce que l'option Perform Full Scan soit cochée
Ne pas oublier de supprimer tout ce que MalwaresByte trouve. Bouton Remove Selected après avoir tout sélectionné
Poster le rapport et un nouveau rapport HiJackThis
re re voici les 2 news rapport :)))
Malwarebytes' Anti-Malware 1.10
Version de la base de données: 598
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 417849
Temps écoulé: 52 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0012419.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0012420.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0013299.exe (Trojan.Downloader) -> No action taken.
D:\WINDOWS\mrofinu1423.exe.MSNFix (Trojan.Downloader) -> No action taken.
D:\WINDOWS\mrofinu1423.MSNFix (Trojan.Downloader) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:08, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Malwarebytes' Anti-Malware 1.10
Version de la base de données: 598
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 417849
Temps écoulé: 52 minute(s), 32 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0012419.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0012420.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{8B7BA8C9-5C1C-41A7-9FEE-A19D1BDE7FFE}\RP27\A0013299.exe (Trojan.Downloader) -> No action taken.
D:\WINDOWS\mrofinu1423.exe.MSNFix (Trojan.Downloader) -> No action taken.
D:\WINDOWS\mrofinu1423.MSNFix (Trojan.Downloader) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:08, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
Je suis désolé mais apparement il faut recommencer la procédure MalwaresByte
car il n'a rien supprimé.
Tu as du oublier de faire ceci à la fin du scan
Bouton Remove Selected après avoir tout sélectionné
Une fois que tu as appuyé sur ce bouton un rapport est généré, c'est ce rapport qu'il me faut + rapport HiJackThis
car il n'a rien supprimé.
Tu as du oublier de faire ceci à la fin du scan
Bouton Remove Selected après avoir tout sélectionné
Une fois que tu as appuyé sur ce bouton un rapport est généré, c'est ce rapport qu'il me faut + rapport HiJackThis
re re
voici les 2 news rapport :))
Malwarebytes' Anti-Malware 1.10
Version de la base de données: 598
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 417756
Temps écoulé: 54 minute(s), 5 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:47, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\chat.scania\chat.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
voici les 2 news rapport :))
Malwarebytes' Anti-Malware 1.10
Version de la base de données: 598
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 417756
Temps écoulé: 54 minute(s), 5 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:47, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\chat.scania\chat.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
+ccl
+HJT
+-MSNFIX
+SDFix
+MalwaresBytes
------------------------- Ne pas tenir compte des lignes ci-dessus
========================= OTMOVE IT ===========================
OteMoveIt
• Télécharger : OteMoveIt
• L'installer sur le bureau
• Le lancer.
• S'Assurer que la case Unregister Dll's and Ocx's soit bien cochée.
• Copier la ou les lignes ci-dessous en gras
D:\WINDOWS\system32\%%%.exe
• Coller dans la fenêtre de OTMoveIt nommée Paste Standard List of Files/Folders to move.
• Click sur MoveIt! pour lancer la suppression.
• Si OTMoveIt propose de redémarrer le PC, accepter !
• Lorsque un résultat apparaît dans le cadre Results, click sur Exit.
• Copier/Coller sur le forum le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.
+HJT
+-MSNFIX
+SDFix
+MalwaresBytes
------------------------- Ne pas tenir compte des lignes ci-dessus
========================= OTMOVE IT ===========================
OteMoveIt
• Télécharger : OteMoveIt
• L'installer sur le bureau
• Le lancer.
• S'Assurer que la case Unregister Dll's and Ocx's soit bien cochée.
• Copier la ou les lignes ci-dessous en gras
D:\WINDOWS\system32\%%%.exe
• Coller dans la fenêtre de OTMoveIt nommée Paste Standard List of Files/Folders to move.
• Click sur MoveIt! pour lancer la suppression.
• Si OTMoveIt propose de redémarrer le PC, accepter !
• Lorsque un résultat apparaît dans le cadre Results, click sur Exit.
• Copier/Coller sur le forum le rapport de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.
re :)
voici le rapport :p
< D:\WINDOWS\system32\%%%.exe >
File move failed. D:\WINDOWS\system32\%%%.exe scheduled to be moved on reboot.
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04072008_123104
Files moved on Reboot...
D:\WINDOWS\system32\%%%.exe moved successfully.
voici le rapport :p
< D:\WINDOWS\system32\%%%.exe >
File move failed. D:\WINDOWS\system32\%%%.exe scheduled to be moved on reboot.
OTMoveIt2 by OldTimer - Version 1.0.4.0 log created on 04072008_123104
Files moved on Reboot...
D:\WINDOWS\system32\%%%.exe moved successfully.
re
voici le rapport :)))
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:08, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\notepad.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ManyCam 2.1\ManyCam.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\TribalWeb\tribalweb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Mail\wlmail.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
voici le rapport :)))
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:08, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\notepad.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\ManyCam 2.1\ManyCam.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\TribalWeb\tribalweb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Mail\wlmail.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,D:\WINDOWS\system32\%%%.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
C'est un phoenix
===================== COMBOFIX =======================
</gras>
• Imprimer ou sauvegarder avec le bloc-note cette procédure car la suite va se dérouler sans accès à Internet.
• Installer ComboFix sur le bureau
Note :
Le serveur de téléchargement peut être en surcharge et renvoyer une page d'erreur. Il faut insister.
• Renommer COMBOFIX.EXE en COMBO-FIX.EXE
------
• Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
• Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
• Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
• Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
• Désactiver seulement pendant l'utilisation de ComboFix, la protection de l'antivirus et de l'antispyware ceux-ci pouvant entraver le bon fonctionnement de combofix
• Fermer toutes les applications en cours
• Double-click sur l'icône qui s'est installé sur le bureau
• Appuyer sur la touche 1 puis sur entrée:
• Laisser Combofix travailler sans se servir de la machine.
• Si ComboFix a besoin de redémarrer la machine, laisser faire sinon redémarrer en mode normal.
• Copier/Coller le rapport généré dans le bloc-note dans le prochain message
(Ce fichier est automatiquement généré et enregistré sous C:\Combofix.txt) + Rapport HiJackThis
===================== COMBOFIX =======================
</gras>
• Imprimer ou sauvegarder avec le bloc-note cette procédure car la suite va se dérouler sans accès à Internet.
• Installer ComboFix sur le bureau
Note :
Le serveur de téléchargement peut être en surcharge et renvoyer une page d'erreur. Il faut insister.
• Renommer COMBOFIX.EXE en COMBO-FIX.EXE
------
• Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
• Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
• Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
• Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
• Désactiver seulement pendant l'utilisation de ComboFix, la protection de l'antivirus et de l'antispyware ceux-ci pouvant entraver le bon fonctionnement de combofix
• Fermer toutes les applications en cours
• Double-click sur l'icône qui s'est installé sur le bureau
• Appuyer sur la touche 1 puis sur entrée:
• Laisser Combofix travailler sans se servir de la machine.
• Si ComboFix a besoin de redémarrer la machine, laisser faire sinon redémarrer en mode normal.
• Copier/Coller le rapport généré dans le bloc-note dans le prochain message
(Ce fichier est automatiquement généré et enregistré sous C:\Combofix.txt) + Rapport HiJackThis
re
voici les 2 rapportss
ComboFix 08-04-06.1 - clement 2008-04-07 14:36:13.7 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2653 [GMT 2:00]
Endroit: D:\Documents and Settings\clement\Bureau\COMBO-FIX.EXE
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:27 . 2008-04-07 14:28 <REP> d-------- D:\ComboFix
2008-04-07 12:31 . 2008-04-07 12:31 9,296 --a------ D:\WINDOWS\system32\bzjccg.exe
2008-04-07 12:31 . 2008-04-07 12:31 244 --ah----- D:\sqmnoopt01.sqm
2008-04-07 12:31 . 2008-04-07 12:31 232 --ah----- D:\sqmdata01.sqm
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\clement\Application Data\Malwarebytes
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 07:52 . 2008-04-07 07:52 <REP> d-------- D:\WINDOWS\ERUNT
2008-04-07 07:46 . 2008-04-07 08:08 <REP> d-------- D:\SDFix
2008-04-07 07:29 . 2008-04-07 07:29 9,296 --a------ D:\WINDOWS\system32\yfhuwc.exe
2008-04-07 07:29 . 2008-04-07 07:29 244 --ah----- D:\sqmnoopt00.sqm
2008-04-07 07:29 . 2008-04-07 07:29 232 --ah----- D:\sqmdata00.sqm
2008-04-07 05:10 . 2008-04-07 05:10 9,296 --a------ D:\WINDOWS\system32\ipwftr.exe
2008-04-07 05:08 . 2008-04-07 05:12 <REP> d-------- D:\MSNFix
2008-04-07 05:08 . 2008-04-07 05:07 447,902 --a------ D:\MSNFix.zip
2008-04-06 16:55 . 2008-04-06 16:55 <REP> d-------- D:\Program Files\Live-Prod
2008-04-05 13:04 . 2008-04-05 13:15 <REP> d-------- D:\Program Files\Abacre Photo Downloader
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\WINDOWS\JSAS
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\Program Files\JSAS
2008-04-04 23:05 . 2008-03-29 19:31 75,856 --a------ D:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 23:05 . 2008-03-29 19:35 20,560 --a------ D:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-26 18:56 . 2008-03-26 18:56 <REP> d-------- D:\Program Files\Synapse Développement
2008-03-26 18:56 . 2008-03-26 18:56 24,276 --a------ D:\WINDOWS\system\axd99cab.dll
2008-03-26 18:07 . 2008-03-26 18:07 23 --a------ D:\WINDOWS\system32\dp48x.hlx
2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- D:\Program Files\Yooda
2008-03-26 17:35 . 2008-03-26 17:59 <REP> d-------- D:\Program Files\TRELLIAN
2008-03-26 05:49 . 2008-03-26 05:58 <REP> d-------- D:\Program Files\Ref Hotkey
2008-03-26 02:50 . 2008-04-06 14:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-26 00:31 . 2008-03-26 00:31 <REP> d-------- D:\Program Files\IVCsoft
2008-03-26 00:13 . 2008-03-26 00:13 <REP> d-------- D:\Program Files\BulletProofSoft.com
2008-03-22 00:20 . 2008-03-22 00:20 <REP> d-------- D:\Program Files\TribalWeb
2008-03-22 00:20 . 2008-04-06 17:13 <REP> d-------- D:\Documents and Settings\clement\Application Data\TribalWeb
2008-03-20 02:51 . 2008-03-20 03:16 <REP> d-------- D:\Program Files\SecondLife
2008-03-20 02:51 . 2008-03-20 02:58 <REP> d-------- D:\Documents and Settings\clement\Application Data\SecondLife
2008-03-16 21:13 . 2008-04-02 09:01 <REP> d-------- D:\Program Files\RamBoost XP
2008-03-15 17:39 . 2008-03-15 17:39 <REP> d-------- D:\Program Files\Apache Software Foundation
2008-03-15 02:26 . 2008-03-15 02:26 0 --a------ D:\WINDOWS\nsreg.dat
2008-03-15 01:18 . 2008-03-29 19:43 <REP> d-------- D:\Program Files\FileZilla FTP Client
2008-03-15 01:12 . 2008-03-15 01:15 <REP> d-------- D:\Documents and Settings\clement\Application Data\Sites
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Dynamique
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Classes de site
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\vmntoolbar
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\Visicom Media
2008-03-15 01:11 . 2008-04-07 13:53 <REP> d-------- D:\Documents and Settings\clement\Application Data\vmntoolbar
2008-03-14 14:55 . 2008-03-14 14:55 <REP> d-------- D:\Program Files\Vista Buttons Trial
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\PRMT6
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\Fichiers communs\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\clement\Application Data\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\PROject MT
2008-03-13 23:57 . 2008-03-13 23:57 <REP> d-------- D:\Program Files\ThiWeb Live 2
2008-03-13 23:44 . 2008-03-13 23:44 <REP> d-------- D:\Program Files\Antadis
2008-03-13 15:36 . 2008-03-13 15:36 <REP> d-------- D:\Program Files\Pierre Le Muzic - Editeur Fichier CSS
2008-03-13 09:51 . 2008-03-13 09:51 <REP> d-------- D:\Program Files\directx
2008-03-13 09:46 . 2008-03-13 09:46 <REP> d-------- D:\Program Files\Micro Application
2008-03-13 09:46 . 2008-03-13 09:46 40 --a------ D:\WINDOWS\NAVIGMA.INI
2008-03-11 09:54 . 2008-03-11 10:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2008-03-09 19:26 . 2008-03-09 19:26 <REP> d-------- D:\Program Files\innotek VirtualBox
2008-03-09 16:43 . 2008-03-09 16:50 <REP> d-------- D:\Program Files\MSN Spy 2004
2008-03-09 07:31 . 2008-04-07 12:34 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-03-09 07:31 . 2008-03-09 07:31 1,409 --a------ D:\WINDOWS\QTFont.for
2008-03-08 17:58 . 2008-03-08 17:58 <REP> d-------- D:\_OTMoveIt
2008-03-08 07:18 . 2008-03-09 07:45 <REP> d-------- D:\WINDOWS\BDOSCAN8
2008-03-07 17:12 . 2008-03-09 19:03 <REP> d-------- D:\Program Files\Navilog1
2008-03-07 16:13 . 2008-03-07 16:13 <REP> d-------- D:\Program Files\Trend Micro
2008-03-07 15:40 . 2008-03-07 16:04 <REP> d-------- D:\Program Files\Lopxp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 12:25 --------- d-----w D:\Program Files\FlashGet
2008-04-07 00:03 --------- d-----w D:\Program Files\ManyCam 2.1
2008-04-06 23:03 --------- d-----w D:\Program Files\DynDNS Updater
2008-04-06 14:26 --------- d-----w D:\Program Files\AxBx
2008-04-06 13:18 --------- d-----w D:\Documents and Settings\clement\Application Data\FileZilla
2008-03-29 17:45 1,146,232 ----a-w D:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
2008-03-29 04:38 --------- d-----w D:\Documents and Settings\clement\Application Data\teamspeak2
2008-03-28 17:23 --------- d-----w D:\Program Files\eChanblard
2008-03-26 16:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-26 10:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-26 00:51 --------- d-----w D:\Program Files\Google
2008-03-23 20:26 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-03-23 18:39 1,122,304 ---h--w D:\WINDOWS\system32\wodfamop.dll
2008-03-13 19:47 --------- d-----w D:\Program Files\Java
2008-03-07 08:16 --------- d-----w D:\Program Files\SUPERAntiSpyware
2008-03-07 08:16 --------- d-----w D:\Documents and Settings\clement\Application Data\SUPERAntiSpyware.com
2008-03-06 10:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-05 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-05 13:21 --------- d-----w D:\Program Files\Opera
2008-03-04 09:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\HP
2008-03-04 09:23 --------- d-----w D:\Program Files\Fichiers communs\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\Hewlett-Packard
2008-03-04 09:21 --------- d-----w D:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-04 03:22 --------- d-----w D:\Program Files\ISO Commander
2008-03-02 01:29 --------- d-----w D:\Program Files\Fichiers communs\Macromedia
2008-03-02 01:28 --------- d-----w D:\Program Files\Macromedia
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Webcammax
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Nero
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Grisoft
2008-03-01 08:58 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-02-27 22:14 --------- d-----w D:\Documents and Settings\clement\Application Data\dvdcss
2008-02-27 16:17 --------- d-----w D:\Program Files\ABC Amber XML Converter
2008-02-26 03:26 --------- d-----w D:\Program Files\CCleaner
2008-02-26 03:22 --------- d-----w D:\Program Files\Morpheus
2008-02-25 22:51 --------- d-----w D:\Program Files\Paltalk Messenger
2008-02-25 22:51 --------- d-----w D:\Documents and Settings\clement\Application Data\Paltalk
2008-02-25 17:09 --------- d-----w D:\Documents and Settings\clement\Application Data\LimeWire
2008-02-25 03:08 --------- d-----w D:\Documents and Settings\clement\Application Data\blaxxun interactive
2008-02-25 03:03 --------- d-----w D:\Program Files\AskPBar
2008-02-24 00:07 --------- d-----w D:\Program Files\WebcamMax
2008-02-23 15:11 --------- d-----w D:\Documents and Settings\clement\Application Data\OtakuSoftware
2008-02-22 21:46 --------- d-----w D:\Program Files\Fichiers communs\DVDVideoSoft
2008-02-22 21:46 --------- d-----w D:\Program Files\DVDVideoSoft
2008-02-22 21:45 --------- d-----w D:\Program Files\OneStopSoft.com
2008-02-22 21:34 --------- d-----w D:\Program Files\MAGIX
2008-02-22 21:34 --------- d-----w D:\Documents and Settings\clement\Application Data\MAGIX
2008-02-22 21:33 --------- d-----w D:\Program Files\Fichiers communs\MAGIX Shared
2008-02-22 21:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\MAGIX
2008-02-20 19:17 40,928 ----a-w D:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-02-20 19:17 27,776 ----a-w D:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-02-20 08:18 --------- d-----w D:\Program Files\CommentCaMarche
2008-02-14 22:03 --------- d-----w D:\Documents and Settings\clement\Application Data\eXPert PDF Editor
2008-02-14 21:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF 5
2008-02-14 21:48 --------- d-----w D:\Program Files\Fichiers communs\Nero
2008-02-14 21:48 --------- d-----w D:\Documents and Settings\clement\Application Data\Nero
2008-02-14 21:47 --------- d-----w D:\Program Files\Nero
2008-02-14 21:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-02-14 21:40 --------- d-----w D:\Program Files\Visagesoft
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF
2008-02-14 21:37 --------- d-----w D:\Program Files\MOVAVI
2008-02-14 21:37 --------- d-----w D:\Program Files\ConvertMovie 5.0
2008-02-14 00:49 --------- d-----w D:\Documents and Settings\clement\Application Data\Dev-Cpp
2008-02-13 17:34 --------- d-----w D:\Program Files\PhotoFiltre
2008-02-13 13:36 13 ---h--w D:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
2008-02-13 13:36 --------- d-----w D:\Program Files\CoffeeCup Software
2008-02-13 12:38 --------- d-----w D:\Program Files\Microsoft Visual Studio .NET
2008-02-13 12:38 --------- d-----w D:\Program Files\Gdot
2008-02-13 12:38 --------- d-----w D:\Program Files\Fichiers communs\Crystal Decisions
2008-02-13 07:42 --------- d-----w D:\Program Files\Alwil Software
2008-02-12 22:56 --------- d-----w D:\Program Files\PDFCreator
2008-02-12 19:20 --------- d-----w D:\Program Files\PDFapps Convert PDF to HTML 2.0
2008-02-12 13:19 --------- d-----w D:\Documents and Settings\clement\Application Data\Nvu
2008-02-11 20:52 --------- d-----w D:\Program Files\LimeWire
2008-02-11 02:00 --------- d-----w D:\Program Files\MSXML 4.0
2008-02-10 22:19 3,452 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-02-10 22:18 --------- d-----w D:\Documents and Settings\clement\Application Data\Corel
2008-02-10 18:21 --------- d-----w D:\Program Files\iTunes
2008-02-10 18:21 --------- d-----w D:\Program Files\iPod
2008-02-10 18:21 --------- d-----w D:\Program Files\Bonjour
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\clement\Application Data\Apple Computer
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-10 18:20 --------- d-----w D:\Program Files\QuickTime
2008-02-10 18:19 --------- d-----w D:\Program Files\Apple Software Update
2008-02-10 18:18 --------- d-----w D:\Program Files\Fichiers communs\Apple
2008-02-10 18:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2008-02-10 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Fichiers communs\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Corel
2008-02-09 03:32 --------- d-----w D:\Program Files\Teleport Pro
2008-02-09 02:00 --------- d-----w D:\Program Files\MSXML 6.0
2008-02-08 19:36 --------- d-----w D:\Program Files\WinHTTrack
2008-02-08 19:30 --------- d-----w D:\Program Files\MorpheusBar
2008-02-08 12:33 --------- d-----w D:\Program Files\ParallelGraphics
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 16:27 1918936 --a------ D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 16:03 5724184]
"ManyCam"="D:\Program Files\ManyCam 2.1\ManyCam.exe" [2007-08-20 12:44 1515520]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"WebcamMaxMoniter"="D:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
"vspdfprsrv.exe"="D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 20:58 966656]
"TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 14:58 90112]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-02-10 19:59 385024]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"JMB36X IDE Setup"="D:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Flashget"="D:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Autoconfigurateur WiFi Neuf"="D:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"36X Raid Configurer"="D:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
"Flash Media"="D:\WINDOWS\system32\%%%.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="D:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 16:03 5724184]
D:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Raccourci (2) vers chatserv.lnk - C:\chatserv4\chatserv.exe [2007-12-30 12:36:29 1855526]
Raccourci (3) vers chatserv.lnk - C:\chatserv9\chatserv.exe [2007-12-30 12:36:39 1855526]
Raccourci vers chatserv.lnk - C:\chatserv6\chatserv.exe [2007-12-30 12:36:34 1855526]
Raccourci vers chatserv5.lnk - C:\chatserv_bleu\chatserv.exe [2008-02-20 14:49:16 1855526]
TribalWeb.lnk - D:\Program Files\TribalWeb\tribalweb.exe [2008-03-22 00:20:37 1077248]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 02:50:34 124400]
WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"vidc.LEAD"= LCODCCMP.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\chatserv9\\chatserv.exe"=
"C:\\chatserv4\\chatserv.exe"=
"C:\\chatserv2\\chatserv.exe"=
"C:\\chat.scania\\chat.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
"C:\\chatserv6\\chatserv.exe"=
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"D:\\chat.scan\\chat.exe"=
"D:\\chat.scania\\chat.exe"=
"D:\\Program Files\\eChanblard\\emule.exe"=
"D:\\Program Files\\Morpheus\\Morpheus.exe"=
"D:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"=
"C:\\chatserv_bleu\\chatserv.exe"=
"D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"D:\\chatserv\\chatserv.exe"=
"D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"D:\\Program Files\\TribalWeb\\tribalweb.exe"=
"D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"D:\\WINDOWS\\system32\\%%%.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7890:TCP"= 7890:TCP:e3
"7890:UDP"= 7890:UDP:e4
S1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
S1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;D:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]
S3 PCASp50;PCASp50 NDIS Protocol Driver;D:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 16:30]
S3 SjyPkt;SjyPkt;D:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 05:39]
S3 VBoxTAP;VirtualBox TAP Adapter;D:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-09-03 18:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa35ab71-c10a-11dc-8d72-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a2d3a6-c126-11dc-97b0-00146c722b84}]
\Shell\AutoRun\command - setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-02 20:08:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-07 05:43:19 D:\WINDOWS\Tasks\User_Feed_Synchronization-{25E3F2BE-EC8D-4DBB-AF4F-599536C5B7CB}.job"
- D:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 14:37:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 14:38:02
ComboFix-quarantined-files.txt 2008-04-07 12:37:55
ComboFix2.txt 2008-04-07 12:34:08
ComboFix3.txt 2008-03-08 15:50:59
ComboFix4.txt 2008-03-08 09:38:01
ComboFix5.txt 2008-03-08 09:35:08
Pre-Run: 104,612,876,288 octets libres
Post-Run: 104,599,052,288 octets libres
.
2008-03-12 07:03:31 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:23, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\ManyCam 2.1\ManyCam.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\TribalWeb\tribalweb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
voici les 2 rapportss
ComboFix 08-04-06.1 - clement 2008-04-07 14:36:13.7 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2653 [GMT 2:00]
Endroit: D:\Documents and Settings\clement\Bureau\COMBO-FIX.EXE
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:27 . 2008-04-07 14:28 <REP> d-------- D:\ComboFix
2008-04-07 12:31 . 2008-04-07 12:31 9,296 --a------ D:\WINDOWS\system32\bzjccg.exe
2008-04-07 12:31 . 2008-04-07 12:31 244 --ah----- D:\sqmnoopt01.sqm
2008-04-07 12:31 . 2008-04-07 12:31 232 --ah----- D:\sqmdata01.sqm
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\clement\Application Data\Malwarebytes
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 07:52 . 2008-04-07 07:52 <REP> d-------- D:\WINDOWS\ERUNT
2008-04-07 07:46 . 2008-04-07 08:08 <REP> d-------- D:\SDFix
2008-04-07 07:29 . 2008-04-07 07:29 9,296 --a------ D:\WINDOWS\system32\yfhuwc.exe
2008-04-07 07:29 . 2008-04-07 07:29 244 --ah----- D:\sqmnoopt00.sqm
2008-04-07 07:29 . 2008-04-07 07:29 232 --ah----- D:\sqmdata00.sqm
2008-04-07 05:10 . 2008-04-07 05:10 9,296 --a------ D:\WINDOWS\system32\ipwftr.exe
2008-04-07 05:08 . 2008-04-07 05:12 <REP> d-------- D:\MSNFix
2008-04-07 05:08 . 2008-04-07 05:07 447,902 --a------ D:\MSNFix.zip
2008-04-06 16:55 . 2008-04-06 16:55 <REP> d-------- D:\Program Files\Live-Prod
2008-04-05 13:04 . 2008-04-05 13:15 <REP> d-------- D:\Program Files\Abacre Photo Downloader
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\WINDOWS\JSAS
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\Program Files\JSAS
2008-04-04 23:05 . 2008-03-29 19:31 75,856 --a------ D:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 23:05 . 2008-03-29 19:35 20,560 --a------ D:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-26 18:56 . 2008-03-26 18:56 <REP> d-------- D:\Program Files\Synapse Développement
2008-03-26 18:56 . 2008-03-26 18:56 24,276 --a------ D:\WINDOWS\system\axd99cab.dll
2008-03-26 18:07 . 2008-03-26 18:07 23 --a------ D:\WINDOWS\system32\dp48x.hlx
2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- D:\Program Files\Yooda
2008-03-26 17:35 . 2008-03-26 17:59 <REP> d-------- D:\Program Files\TRELLIAN
2008-03-26 05:49 . 2008-03-26 05:58 <REP> d-------- D:\Program Files\Ref Hotkey
2008-03-26 02:50 . 2008-04-06 14:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-26 00:31 . 2008-03-26 00:31 <REP> d-------- D:\Program Files\IVCsoft
2008-03-26 00:13 . 2008-03-26 00:13 <REP> d-------- D:\Program Files\BulletProofSoft.com
2008-03-22 00:20 . 2008-03-22 00:20 <REP> d-------- D:\Program Files\TribalWeb
2008-03-22 00:20 . 2008-04-06 17:13 <REP> d-------- D:\Documents and Settings\clement\Application Data\TribalWeb
2008-03-20 02:51 . 2008-03-20 03:16 <REP> d-------- D:\Program Files\SecondLife
2008-03-20 02:51 . 2008-03-20 02:58 <REP> d-------- D:\Documents and Settings\clement\Application Data\SecondLife
2008-03-16 21:13 . 2008-04-02 09:01 <REP> d-------- D:\Program Files\RamBoost XP
2008-03-15 17:39 . 2008-03-15 17:39 <REP> d-------- D:\Program Files\Apache Software Foundation
2008-03-15 02:26 . 2008-03-15 02:26 0 --a------ D:\WINDOWS\nsreg.dat
2008-03-15 01:18 . 2008-03-29 19:43 <REP> d-------- D:\Program Files\FileZilla FTP Client
2008-03-15 01:12 . 2008-03-15 01:15 <REP> d-------- D:\Documents and Settings\clement\Application Data\Sites
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Dynamique
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Classes de site
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\vmntoolbar
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\Visicom Media
2008-03-15 01:11 . 2008-04-07 13:53 <REP> d-------- D:\Documents and Settings\clement\Application Data\vmntoolbar
2008-03-14 14:55 . 2008-03-14 14:55 <REP> d-------- D:\Program Files\Vista Buttons Trial
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\PRMT6
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\Fichiers communs\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\clement\Application Data\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\PROject MT
2008-03-13 23:57 . 2008-03-13 23:57 <REP> d-------- D:\Program Files\ThiWeb Live 2
2008-03-13 23:44 . 2008-03-13 23:44 <REP> d-------- D:\Program Files\Antadis
2008-03-13 15:36 . 2008-03-13 15:36 <REP> d-------- D:\Program Files\Pierre Le Muzic - Editeur Fichier CSS
2008-03-13 09:51 . 2008-03-13 09:51 <REP> d-------- D:\Program Files\directx
2008-03-13 09:46 . 2008-03-13 09:46 <REP> d-------- D:\Program Files\Micro Application
2008-03-13 09:46 . 2008-03-13 09:46 40 --a------ D:\WINDOWS\NAVIGMA.INI
2008-03-11 09:54 . 2008-03-11 10:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2008-03-09 19:26 . 2008-03-09 19:26 <REP> d-------- D:\Program Files\innotek VirtualBox
2008-03-09 16:43 . 2008-03-09 16:50 <REP> d-------- D:\Program Files\MSN Spy 2004
2008-03-09 07:31 . 2008-04-07 12:34 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-03-09 07:31 . 2008-03-09 07:31 1,409 --a------ D:\WINDOWS\QTFont.for
2008-03-08 17:58 . 2008-03-08 17:58 <REP> d-------- D:\_OTMoveIt
2008-03-08 07:18 . 2008-03-09 07:45 <REP> d-------- D:\WINDOWS\BDOSCAN8
2008-03-07 17:12 . 2008-03-09 19:03 <REP> d-------- D:\Program Files\Navilog1
2008-03-07 16:13 . 2008-03-07 16:13 <REP> d-------- D:\Program Files\Trend Micro
2008-03-07 15:40 . 2008-03-07 16:04 <REP> d-------- D:\Program Files\Lopxp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 12:25 --------- d-----w D:\Program Files\FlashGet
2008-04-07 00:03 --------- d-----w D:\Program Files\ManyCam 2.1
2008-04-06 23:03 --------- d-----w D:\Program Files\DynDNS Updater
2008-04-06 14:26 --------- d-----w D:\Program Files\AxBx
2008-04-06 13:18 --------- d-----w D:\Documents and Settings\clement\Application Data\FileZilla
2008-03-29 17:45 1,146,232 ----a-w D:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
2008-03-29 04:38 --------- d-----w D:\Documents and Settings\clement\Application Data\teamspeak2
2008-03-28 17:23 --------- d-----w D:\Program Files\eChanblard
2008-03-26 16:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-26 10:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-26 00:51 --------- d-----w D:\Program Files\Google
2008-03-23 20:26 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-03-23 18:39 1,122,304 ---h--w D:\WINDOWS\system32\wodfamop.dll
2008-03-13 19:47 --------- d-----w D:\Program Files\Java
2008-03-07 08:16 --------- d-----w D:\Program Files\SUPERAntiSpyware
2008-03-07 08:16 --------- d-----w D:\Documents and Settings\clement\Application Data\SUPERAntiSpyware.com
2008-03-06 10:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-05 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-05 13:21 --------- d-----w D:\Program Files\Opera
2008-03-04 09:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\HP
2008-03-04 09:23 --------- d-----w D:\Program Files\Fichiers communs\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\Hewlett-Packard
2008-03-04 09:21 --------- d-----w D:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-04 03:22 --------- d-----w D:\Program Files\ISO Commander
2008-03-02 01:29 --------- d-----w D:\Program Files\Fichiers communs\Macromedia
2008-03-02 01:28 --------- d-----w D:\Program Files\Macromedia
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Webcammax
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Nero
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Grisoft
2008-03-01 08:58 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-02-27 22:14 --------- d-----w D:\Documents and Settings\clement\Application Data\dvdcss
2008-02-27 16:17 --------- d-----w D:\Program Files\ABC Amber XML Converter
2008-02-26 03:26 --------- d-----w D:\Program Files\CCleaner
2008-02-26 03:22 --------- d-----w D:\Program Files\Morpheus
2008-02-25 22:51 --------- d-----w D:\Program Files\Paltalk Messenger
2008-02-25 22:51 --------- d-----w D:\Documents and Settings\clement\Application Data\Paltalk
2008-02-25 17:09 --------- d-----w D:\Documents and Settings\clement\Application Data\LimeWire
2008-02-25 03:08 --------- d-----w D:\Documents and Settings\clement\Application Data\blaxxun interactive
2008-02-25 03:03 --------- d-----w D:\Program Files\AskPBar
2008-02-24 00:07 --------- d-----w D:\Program Files\WebcamMax
2008-02-23 15:11 --------- d-----w D:\Documents and Settings\clement\Application Data\OtakuSoftware
2008-02-22 21:46 --------- d-----w D:\Program Files\Fichiers communs\DVDVideoSoft
2008-02-22 21:46 --------- d-----w D:\Program Files\DVDVideoSoft
2008-02-22 21:45 --------- d-----w D:\Program Files\OneStopSoft.com
2008-02-22 21:34 --------- d-----w D:\Program Files\MAGIX
2008-02-22 21:34 --------- d-----w D:\Documents and Settings\clement\Application Data\MAGIX
2008-02-22 21:33 --------- d-----w D:\Program Files\Fichiers communs\MAGIX Shared
2008-02-22 21:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\MAGIX
2008-02-20 19:17 40,928 ----a-w D:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-02-20 19:17 27,776 ----a-w D:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-02-20 08:18 --------- d-----w D:\Program Files\CommentCaMarche
2008-02-14 22:03 --------- d-----w D:\Documents and Settings\clement\Application Data\eXPert PDF Editor
2008-02-14 21:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF 5
2008-02-14 21:48 --------- d-----w D:\Program Files\Fichiers communs\Nero
2008-02-14 21:48 --------- d-----w D:\Documents and Settings\clement\Application Data\Nero
2008-02-14 21:47 --------- d-----w D:\Program Files\Nero
2008-02-14 21:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-02-14 21:40 --------- d-----w D:\Program Files\Visagesoft
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF
2008-02-14 21:37 --------- d-----w D:\Program Files\MOVAVI
2008-02-14 21:37 --------- d-----w D:\Program Files\ConvertMovie 5.0
2008-02-14 00:49 --------- d-----w D:\Documents and Settings\clement\Application Data\Dev-Cpp
2008-02-13 17:34 --------- d-----w D:\Program Files\PhotoFiltre
2008-02-13 13:36 13 ---h--w D:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
2008-02-13 13:36 --------- d-----w D:\Program Files\CoffeeCup Software
2008-02-13 12:38 --------- d-----w D:\Program Files\Microsoft Visual Studio .NET
2008-02-13 12:38 --------- d-----w D:\Program Files\Gdot
2008-02-13 12:38 --------- d-----w D:\Program Files\Fichiers communs\Crystal Decisions
2008-02-13 07:42 --------- d-----w D:\Program Files\Alwil Software
2008-02-12 22:56 --------- d-----w D:\Program Files\PDFCreator
2008-02-12 19:20 --------- d-----w D:\Program Files\PDFapps Convert PDF to HTML 2.0
2008-02-12 13:19 --------- d-----w D:\Documents and Settings\clement\Application Data\Nvu
2008-02-11 20:52 --------- d-----w D:\Program Files\LimeWire
2008-02-11 02:00 --------- d-----w D:\Program Files\MSXML 4.0
2008-02-10 22:19 3,452 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-02-10 22:18 --------- d-----w D:\Documents and Settings\clement\Application Data\Corel
2008-02-10 18:21 --------- d-----w D:\Program Files\iTunes
2008-02-10 18:21 --------- d-----w D:\Program Files\iPod
2008-02-10 18:21 --------- d-----w D:\Program Files\Bonjour
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\clement\Application Data\Apple Computer
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-10 18:20 --------- d-----w D:\Program Files\QuickTime
2008-02-10 18:19 --------- d-----w D:\Program Files\Apple Software Update
2008-02-10 18:18 --------- d-----w D:\Program Files\Fichiers communs\Apple
2008-02-10 18:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2008-02-10 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Fichiers communs\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Corel
2008-02-09 03:32 --------- d-----w D:\Program Files\Teleport Pro
2008-02-09 02:00 --------- d-----w D:\Program Files\MSXML 6.0
2008-02-08 19:36 --------- d-----w D:\Program Files\WinHTTrack
2008-02-08 19:30 --------- d-----w D:\Program Files\MorpheusBar
2008-02-08 12:33 --------- d-----w D:\Program Files\ParallelGraphics
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 16:27 1918936 --a------ D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 16:03 5724184]
"ManyCam"="D:\Program Files\ManyCam 2.1\ManyCam.exe" [2007-08-20 12:44 1515520]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"WebcamMaxMoniter"="D:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
"vspdfprsrv.exe"="D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 20:58 966656]
"TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 14:58 90112]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-02-10 19:59 385024]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"JMB36X IDE Setup"="D:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Flashget"="D:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Autoconfigurateur WiFi Neuf"="D:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"36X Raid Configurer"="D:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
"Flash Media"="D:\WINDOWS\system32\%%%.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="D:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 16:03 5724184]
D:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Raccourci (2) vers chatserv.lnk - C:\chatserv4\chatserv.exe [2007-12-30 12:36:29 1855526]
Raccourci (3) vers chatserv.lnk - C:\chatserv9\chatserv.exe [2007-12-30 12:36:39 1855526]
Raccourci vers chatserv.lnk - C:\chatserv6\chatserv.exe [2007-12-30 12:36:34 1855526]
Raccourci vers chatserv5.lnk - C:\chatserv_bleu\chatserv.exe [2008-02-20 14:49:16 1855526]
TribalWeb.lnk - D:\Program Files\TribalWeb\tribalweb.exe [2008-03-22 00:20:37 1077248]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 02:50:34 124400]
WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"vidc.LEAD"= LCODCCMP.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\chatserv9\\chatserv.exe"=
"C:\\chatserv4\\chatserv.exe"=
"C:\\chatserv2\\chatserv.exe"=
"C:\\chat.scania\\chat.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
"C:\\chatserv6\\chatserv.exe"=
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"D:\\chat.scan\\chat.exe"=
"D:\\chat.scania\\chat.exe"=
"D:\\Program Files\\eChanblard\\emule.exe"=
"D:\\Program Files\\Morpheus\\Morpheus.exe"=
"D:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"=
"C:\\chatserv_bleu\\chatserv.exe"=
"D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"D:\\chatserv\\chatserv.exe"=
"D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"D:\\Program Files\\TribalWeb\\tribalweb.exe"=
"D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"D:\\WINDOWS\\system32\\%%%.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7890:TCP"= 7890:TCP:e3
"7890:UDP"= 7890:UDP:e4
S1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
S1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
S2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;D:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]
S3 PCASp50;PCASp50 NDIS Protocol Driver;D:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 16:30]
S3 SjyPkt;SjyPkt;D:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 05:39]
S3 VBoxTAP;VirtualBox TAP Adapter;D:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-09-03 18:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa35ab71-c10a-11dc-8d72-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a2d3a6-c126-11dc-97b0-00146c722b84}]
\Shell\AutoRun\command - setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-02 20:08:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-07 05:43:19 D:\WINDOWS\Tasks\User_Feed_Synchronization-{25E3F2BE-EC8D-4DBB-AF4F-599536C5B7CB}.job"
- D:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 14:37:34
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 14:38:02
ComboFix-quarantined-files.txt 2008-04-07 12:37:55
ComboFix2.txt 2008-04-07 12:34:08
ComboFix3.txt 2008-03-08 15:50:59
ComboFix4.txt 2008-03-08 09:38:01
ComboFix5.txt 2008-03-08 09:35:08
Pre-Run: 104,612,876,288 octets libres
Post-Run: 104,599,052,288 octets libres
.
2008-03-12 07:03:31 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:23, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\ManyCam 2.1\ManyCam.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\WinZip\WZQKPICK.EXE
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\TribalWeb\tribalweb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Flash Media] D:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
---------------- CORRECTION COMBOFIX ------------------
fais ceci :
• Copier le texte ci-dessous :
File::
d:\windows\system32\%%%.exe
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Flash Media"=-
• Ouvrir le Bloc-Notes puis coller le texte copié. (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
• Sauvegarder ce fichier sous le nom de CFScript.txt.
• Glisser maintenant le fichier CFScript.txt dans Combofix.exe comme montré ici
• Cela va relancer Combofix,
• Une fenêtre bleue va apparaître: un message qui apparait ( Type 1 to continue, or 2 to abort)
• taper 1 puis valider.
• Patienter le temps du scan. Le bureau va disparaitre à plusieurs reprises: c'est normal!
• Ne toucher à rien tant que le scan n'est pas terminé.
• Après redémarrage, copier/coller le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de redémarrage, redémarrer et poster les rapports.
fais ceci :
• Copier le texte ci-dessous :
File::
d:\windows\system32\%%%.exe
Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Flash Media"=-
• Ouvrir le Bloc-Notes puis coller le texte copié. (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
• Sauvegarder ce fichier sous le nom de CFScript.txt.
• Glisser maintenant le fichier CFScript.txt dans Combofix.exe comme montré ici
• Cela va relancer Combofix,
• Une fenêtre bleue va apparaître: un message qui apparait ( Type 1 to continue, or 2 to abort)
• taper 1 puis valider.
• Patienter le temps du scan. Le bureau va disparaitre à plusieurs reprises: c'est normal!
• Ne toucher à rien tant que le scan n'est pas terminé.
• Après redémarrage, copier/coller le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de redémarrage, redémarrer et poster les rapports.
re
voici les rapports
ComboFix 08-04-06.1 - clement 2008-04-07 15:12:28.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2385 [GMT 2:00]
Endroit: D:\Documents and Settings\clement\Bureau\COMBO-FIX.EXE
Command switches used :: D:\Documents and Settings\clement\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
d:\windows\system32\%%%.exe
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:27 . 2008-04-07 14:28 <REP> d-------- D:\ComboFix
2008-04-07 12:31 . 2008-04-07 12:31 9,296 --a------ D:\WINDOWS\system32\bzjccg.exe
2008-04-07 12:31 . 2008-04-07 12:31 244 --ah----- D:\sqmnoopt01.sqm
2008-04-07 12:31 . 2008-04-07 12:31 232 --ah----- D:\sqmdata01.sqm
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\clement\Application Data\Malwarebytes
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 07:52 . 2008-04-07 07:52 <REP> d-------- D:\WINDOWS\ERUNT
2008-04-07 07:46 . 2008-04-07 08:08 <REP> d-------- D:\SDFix
2008-04-07 07:29 . 2008-04-07 07:29 9,296 --a------ D:\WINDOWS\system32\yfhuwc.exe
2008-04-07 07:29 . 2008-04-07 07:29 244 --ah----- D:\sqmnoopt00.sqm
2008-04-07 07:29 . 2008-04-07 07:29 232 --ah----- D:\sqmdata00.sqm
2008-04-07 05:10 . 2008-04-07 05:10 9,296 --a------ D:\WINDOWS\system32\ipwftr.exe
2008-04-07 05:08 . 2008-04-07 05:12 <REP> d-------- D:\MSNFix
2008-04-07 05:08 . 2008-04-07 05:07 447,902 --a------ D:\MSNFix.zip
2008-04-06 16:55 . 2008-04-06 16:55 <REP> d-------- D:\Program Files\Live-Prod
2008-04-05 13:04 . 2008-04-05 13:15 <REP> d-------- D:\Program Files\Abacre Photo Downloader
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\WINDOWS\JSAS
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\Program Files\JSAS
2008-04-04 23:05 . 2008-03-29 19:31 75,856 --a------ D:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 23:05 . 2008-03-29 19:35 20,560 --a------ D:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-26 18:56 . 2008-03-26 18:56 <REP> d-------- D:\Program Files\Synapse Développement
2008-03-26 18:56 . 2008-03-26 18:56 24,276 --a------ D:\WINDOWS\system\axd99cab.dll
2008-03-26 18:07 . 2008-03-26 18:07 23 --a------ D:\WINDOWS\system32\dp48x.hlx
2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- D:\Program Files\Yooda
2008-03-26 17:35 . 2008-03-26 17:59 <REP> d-------- D:\Program Files\TRELLIAN
2008-03-26 05:49 . 2008-03-26 05:58 <REP> d-------- D:\Program Files\Ref Hotkey
2008-03-26 02:50 . 2008-04-06 14:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-26 00:31 . 2008-03-26 00:31 <REP> d-------- D:\Program Files\IVCsoft
2008-03-26 00:13 . 2008-03-26 00:13 <REP> d-------- D:\Program Files\BulletProofSoft.com
2008-03-22 00:20 . 2008-03-22 00:20 <REP> d-------- D:\Program Files\TribalWeb
2008-03-22 00:20 . 2008-04-06 17:13 <REP> d-------- D:\Documents and Settings\clement\Application Data\TribalWeb
2008-03-20 02:51 . 2008-03-20 03:16 <REP> d-------- D:\Program Files\SecondLife
2008-03-20 02:51 . 2008-03-20 02:58 <REP> d-------- D:\Documents and Settings\clement\Application Data\SecondLife
2008-03-16 21:13 . 2008-04-02 09:01 <REP> d-------- D:\Program Files\RamBoost XP
2008-03-15 17:39 . 2008-03-15 17:39 <REP> d-------- D:\Program Files\Apache Software Foundation
2008-03-15 02:26 . 2008-03-15 02:26 0 --a------ D:\WINDOWS\nsreg.dat
2008-03-15 01:18 . 2008-03-29 19:43 <REP> d-------- D:\Program Files\FileZilla FTP Client
2008-03-15 01:12 . 2008-03-15 01:15 <REP> d-------- D:\Documents and Settings\clement\Application Data\Sites
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Dynamique
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Classes de site
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\vmntoolbar
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\Visicom Media
2008-03-15 01:11 . 2008-04-07 13:53 <REP> d-------- D:\Documents and Settings\clement\Application Data\vmntoolbar
2008-03-14 14:55 . 2008-03-14 14:55 <REP> d-------- D:\Program Files\Vista Buttons Trial
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\PRMT6
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\Fichiers communs\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\clement\Application Data\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\PROject MT
2008-03-13 23:57 . 2008-03-13 23:57 <REP> d-------- D:\Program Files\ThiWeb Live 2
2008-03-13 23:44 . 2008-03-13 23:44 <REP> d-------- D:\Program Files\Antadis
2008-03-13 15:36 . 2008-03-13 15:36 <REP> d-------- D:\Program Files\Pierre Le Muzic - Editeur Fichier CSS
2008-03-13 09:51 . 2008-03-13 09:51 <REP> d-------- D:\Program Files\directx
2008-03-13 09:46 . 2008-03-13 09:46 <REP> d-------- D:\Program Files\Micro Application
2008-03-13 09:46 . 2008-03-13 09:46 40 --a------ D:\WINDOWS\NAVIGMA.INI
2008-03-11 09:54 . 2008-03-11 10:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2008-03-09 19:26 . 2008-03-09 19:26 <REP> d-------- D:\Program Files\innotek VirtualBox
2008-03-09 16:43 . 2008-03-09 16:50 <REP> d-------- D:\Program Files\MSN Spy 2004
2008-03-09 07:31 . 2008-04-07 15:08 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-03-09 07:31 . 2008-03-09 07:31 1,409 --a------ D:\WINDOWS\QTFont.for
2008-03-08 17:58 . 2008-03-08 17:58 <REP> d-------- D:\_OTMoveIt
2008-03-08 07:18 . 2008-03-09 07:45 <REP> d-------- D:\WINDOWS\BDOSCAN8
2008-03-07 17:12 . 2008-03-09 19:03 <REP> d-------- D:\Program Files\Navilog1
2008-03-07 16:13 . 2008-03-07 16:13 <REP> d-------- D:\Program Files\Trend Micro
2008-03-07 15:40 . 2008-03-07 16:04 <REP> d-------- D:\Program Files\Lopxp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 13:08 --------- d-----w D:\Program Files\ManyCam 2.1
2008-04-07 13:00 --------- d-----w D:\Program Files\FlashGet
2008-04-06 23:03 --------- d-----w D:\Program Files\DynDNS Updater
2008-04-06 14:26 --------- d-----w D:\Program Files\AxBx
2008-04-06 13:18 --------- d-----w D:\Documents and Settings\clement\Application Data\FileZilla
2008-03-29 17:45 1,146,232 ----a-w D:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
2008-03-29 04:38 --------- d-----w D:\Documents and Settings\clement\Application Data\teamspeak2
2008-03-28 17:23 --------- d-----w D:\Program Files\eChanblard
2008-03-26 16:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-26 10:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-26 00:51 --------- d-----w D:\Program Files\Google
2008-03-23 20:26 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-03-23 18:39 1,122,304 ---h--w D:\WINDOWS\system32\wodfamop.dll
2008-03-13 19:47 --------- d-----w D:\Program Files\Java
2008-03-07 08:16 --------- d-----w D:\Program Files\SUPERAntiSpyware
2008-03-07 08:16 --------- d-----w D:\Documents and Settings\clement\Application Data\SUPERAntiSpyware.com
2008-03-06 10:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-05 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-05 13:21 --------- d-----w D:\Program Files\Opera
2008-03-04 09:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\HP
2008-03-04 09:23 --------- d-----w D:\Program Files\Fichiers communs\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\Hewlett-Packard
2008-03-04 09:21 --------- d-----w D:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-04 03:22 --------- d-----w D:\Program Files\ISO Commander
2008-03-02 01:29 --------- d-----w D:\Program Files\Fichiers communs\Macromedia
2008-03-02 01:28 --------- d-----w D:\Program Files\Macromedia
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Webcammax
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Nero
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Grisoft
2008-03-01 08:58 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-02-27 22:14 --------- d-----w D:\Documents and Settings\clement\Application Data\dvdcss
2008-02-27 16:17 --------- d-----w D:\Program Files\ABC Amber XML Converter
2008-02-26 03:26 --------- d-----w D:\Program Files\CCleaner
2008-02-26 03:22 --------- d-----w D:\Program Files\Morpheus
2008-02-25 22:51 --------- d-----w D:\Program Files\Paltalk Messenger
2008-02-25 22:51 --------- d-----w D:\Documents and Settings\clement\Application Data\Paltalk
2008-02-25 17:09 --------- d-----w D:\Documents and Settings\clement\Application Data\LimeWire
2008-02-25 03:08 --------- d-----w D:\Documents and Settings\clement\Application Data\blaxxun interactive
2008-02-25 03:03 --------- d-----w D:\Program Files\AskPBar
2008-02-24 00:07 --------- d-----w D:\Program Files\WebcamMax
2008-02-23 15:11 --------- d-----w D:\Documents and Settings\clement\Application Data\OtakuSoftware
2008-02-22 21:46 --------- d-----w D:\Program Files\Fichiers communs\DVDVideoSoft
2008-02-22 21:46 --------- d-----w D:\Program Files\DVDVideoSoft
2008-02-22 21:45 --------- d-----w D:\Program Files\OneStopSoft.com
2008-02-22 21:34 --------- d-----w D:\Program Files\MAGIX
2008-02-22 21:34 --------- d-----w D:\Documents and Settings\clement\Application Data\MAGIX
2008-02-22 21:33 --------- d-----w D:\Program Files\Fichiers communs\MAGIX Shared
2008-02-22 21:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\MAGIX
2008-02-20 19:17 40,928 ----a-w D:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-02-20 19:17 27,776 ----a-w D:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-02-20 08:18 --------- d-----w D:\Program Files\CommentCaMarche
2008-02-14 22:03 --------- d-----w D:\Documents and Settings\clement\Application Data\eXPert PDF Editor
2008-02-14 21:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF 5
2008-02-14 21:48 --------- d-----w D:\Program Files\Fichiers communs\Nero
2008-02-14 21:48 --------- d-----w D:\Documents and Settings\clement\Application Data\Nero
2008-02-14 21:47 --------- d-----w D:\Program Files\Nero
2008-02-14 21:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-02-14 21:40 --------- d-----w D:\Program Files\Visagesoft
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF
2008-02-14 21:37 --------- d-----w D:\Program Files\MOVAVI
2008-02-14 21:37 --------- d-----w D:\Program Files\ConvertMovie 5.0
2008-02-14 00:49 --------- d-----w D:\Documents and Settings\clement\Application Data\Dev-Cpp
2008-02-13 17:34 --------- d-----w D:\Program Files\PhotoFiltre
2008-02-13 13:36 13 ---h--w D:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
2008-02-13 13:36 --------- d-----w D:\Program Files\CoffeeCup Software
2008-02-13 12:38 --------- d-----w D:\Program Files\Microsoft Visual Studio .NET
2008-02-13 12:38 --------- d-----w D:\Program Files\Gdot
2008-02-13 12:38 --------- d-----w D:\Program Files\Fichiers communs\Crystal Decisions
2008-02-13 07:42 --------- d-----w D:\Program Files\Alwil Software
2008-02-12 22:56 --------- d-----w D:\Program Files\PDFCreator
2008-02-12 19:20 --------- d-----w D:\Program Files\PDFapps Convert PDF to HTML 2.0
2008-02-12 13:19 --------- d-----w D:\Documents and Settings\clement\Application Data\Nvu
2008-02-11 20:52 --------- d-----w D:\Program Files\LimeWire
2008-02-11 02:00 --------- d-----w D:\Program Files\MSXML 4.0
2008-02-10 22:19 3,452 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-02-10 22:18 --------- d-----w D:\Documents and Settings\clement\Application Data\Corel
2008-02-10 18:21 --------- d-----w D:\Program Files\iTunes
2008-02-10 18:21 --------- d-----w D:\Program Files\iPod
2008-02-10 18:21 --------- d-----w D:\Program Files\Bonjour
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\clement\Application Data\Apple Computer
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-10 18:20 --------- d-----w D:\Program Files\QuickTime
2008-02-10 18:19 --------- d-----w D:\Program Files\Apple Software Update
2008-02-10 18:18 --------- d-----w D:\Program Files\Fichiers communs\Apple
2008-02-10 18:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2008-02-10 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Fichiers communs\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Corel
2008-02-09 03:32 --------- d-----w D:\Program Files\Teleport Pro
2008-02-09 02:00 --------- d-----w D:\Program Files\MSXML 6.0
2008-02-08 19:36 --------- d-----w D:\Program Files\WinHTTrack
2008-02-08 19:30 --------- d-----w D:\Program Files\MorpheusBar
2008-02-08 12:33 --------- d-----w D:\Program Files\ParallelGraphics
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 16:27 1918936 --a------ D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 16:03 5724184]
"ManyCam"="D:\Program Files\ManyCam 2.1\ManyCam.exe" [2007-08-20 12:44 1515520]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"WebcamMaxMoniter"="D:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
"vspdfprsrv.exe"="D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 20:58 966656]
"TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 14:58 90112]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-02-10 19:59 385024]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"JMB36X IDE Setup"="D:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Flashget"="D:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Autoconfigurateur WiFi Neuf"="D:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"36X Raid Configurer"="D:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="D:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 16:03 5724184]
D:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Raccourci (2) vers chatserv.lnk - C:\chatserv4\chatserv.exe [2007-12-30 12:36:29 1855526]
Raccourci (3) vers chatserv.lnk - C:\chatserv9\chatserv.exe [2007-12-30 12:36:39 1855526]
Raccourci vers chatserv.lnk - C:\chatserv6\chatserv.exe [2007-12-30 12:36:34 1855526]
Raccourci vers chatserv5.lnk - C:\chatserv_bleu\chatserv.exe [2008-02-20 14:49:16 1855526]
TribalWeb.lnk - D:\Program Files\TribalWeb\tribalweb.exe [2008-03-22 00:20:37 1077248]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 02:50:34 124400]
WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"vidc.LEAD"= LCODCCMP.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\chatserv9\\chatserv.exe"=
"C:\\chatserv4\\chatserv.exe"=
"C:\\chatserv2\\chatserv.exe"=
"C:\\chat.scania\\chat.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
"C:\\chatserv6\\chatserv.exe"=
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"D:\\chat.scan\\chat.exe"=
"D:\\chat.scania\\chat.exe"=
"D:\\Program Files\\eChanblard\\emule.exe"=
"D:\\Program Files\\Morpheus\\Morpheus.exe"=
"D:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"=
"C:\\chatserv_bleu\\chatserv.exe"=
"D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"D:\\chatserv\\chatserv.exe"=
"D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"D:\\Program Files\\TribalWeb\\tribalweb.exe"=
"D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"D:\\WINDOWS\\system32\\%%%.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7890:TCP"= 7890:TCP:e3
"7890:UDP"= 7890:UDP:e4
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;D:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]
R3 PCASp50;PCASp50 NDIS Protocol Driver;D:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 16:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 SjyPkt;SjyPkt;D:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 05:39]
S3 VBoxTAP;VirtualBox TAP Adapter;D:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-09-03 18:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa35ab71-c10a-11dc-8d72-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a2d3a6-c126-11dc-97b0-00146c722b84}]
\Shell\AutoRun\command - setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-02 20:08:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-07 05:43:19 D:\WINDOWS\Tasks\User_Feed_Synchronization-{25E3F2BE-EC8D-4DBB-AF4F-599536C5B7CB}.job"
- D:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 15:15:14
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 15:17:28
ComboFix-quarantined-files.txt 2008-04-07 13:17:26
ComboFix2.txt 2008-04-07 12:38:03
ComboFix3.txt 2008-04-07 12:34:08
ComboFix4.txt 2008-03-08 15:50:59
ComboFix5.txt 2008-03-08 09:38:01
Pre-Run: 104,544,759,808 octets libres
Post-Run: 104,530,518,016 octets libres
.
2008-03-12 07:03:31 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:05, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\ManyCam 2.1\ManyCam.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\TribalWeb\tribalweb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
voici les rapports
ComboFix 08-04-06.1 - clement 2008-04-07 15:12:28.9 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.2385 [GMT 2:00]
Endroit: D:\Documents and Settings\clement\Bureau\COMBO-FIX.EXE
Command switches used :: D:\Documents and Settings\clement\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
FILE ::
d:\windows\system32\%%%.exe
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((( Fichiers créés 2008-03-07 to 2008-04-07 ))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:27 . 2008-04-07 14:28 <REP> d-------- D:\ComboFix
2008-04-07 12:31 . 2008-04-07 12:31 9,296 --a------ D:\WINDOWS\system32\bzjccg.exe
2008-04-07 12:31 . 2008-04-07 12:31 244 --ah----- D:\sqmnoopt01.sqm
2008-04-07 12:31 . 2008-04-07 12:31 232 --ah----- D:\sqmdata01.sqm
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\clement\Application Data\Malwarebytes
2008-04-07 08:20 . 2008-04-07 08:20 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 07:52 . 2008-04-07 07:52 <REP> d-------- D:\WINDOWS\ERUNT
2008-04-07 07:46 . 2008-04-07 08:08 <REP> d-------- D:\SDFix
2008-04-07 07:29 . 2008-04-07 07:29 9,296 --a------ D:\WINDOWS\system32\yfhuwc.exe
2008-04-07 07:29 . 2008-04-07 07:29 244 --ah----- D:\sqmnoopt00.sqm
2008-04-07 07:29 . 2008-04-07 07:29 232 --ah----- D:\sqmdata00.sqm
2008-04-07 05:10 . 2008-04-07 05:10 9,296 --a------ D:\WINDOWS\system32\ipwftr.exe
2008-04-07 05:08 . 2008-04-07 05:12 <REP> d-------- D:\MSNFix
2008-04-07 05:08 . 2008-04-07 05:07 447,902 --a------ D:\MSNFix.zip
2008-04-06 16:55 . 2008-04-06 16:55 <REP> d-------- D:\Program Files\Live-Prod
2008-04-05 13:04 . 2008-04-05 13:15 <REP> d-------- D:\Program Files\Abacre Photo Downloader
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\WINDOWS\JSAS
2008-04-05 10:09 . 2008-04-05 10:09 <REP> d-------- D:\Program Files\JSAS
2008-04-04 23:05 . 2008-03-29 19:31 75,856 --a------ D:\WINDOWS\system32\drivers\aswSP.sys
2008-04-04 23:05 . 2008-03-29 19:35 20,560 --a------ D:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-26 18:56 . 2008-03-26 18:56 <REP> d-------- D:\Program Files\Synapse Développement
2008-03-26 18:56 . 2008-03-26 18:56 24,276 --a------ D:\WINDOWS\system\axd99cab.dll
2008-03-26 18:07 . 2008-03-26 18:07 23 --a------ D:\WINDOWS\system32\dp48x.hlx
2008-03-26 17:56 . 2008-03-26 17:56 <REP> d-------- D:\Program Files\Yooda
2008-03-26 17:35 . 2008-03-26 17:59 <REP> d-------- D:\Program Files\TRELLIAN
2008-03-26 05:49 . 2008-03-26 05:58 <REP> d-------- D:\Program Files\Ref Hotkey
2008-03-26 02:50 . 2008-04-06 14:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-26 00:31 . 2008-03-26 00:31 <REP> d-------- D:\Program Files\IVCsoft
2008-03-26 00:13 . 2008-03-26 00:13 <REP> d-------- D:\Program Files\BulletProofSoft.com
2008-03-22 00:20 . 2008-03-22 00:20 <REP> d-------- D:\Program Files\TribalWeb
2008-03-22 00:20 . 2008-04-06 17:13 <REP> d-------- D:\Documents and Settings\clement\Application Data\TribalWeb
2008-03-20 02:51 . 2008-03-20 03:16 <REP> d-------- D:\Program Files\SecondLife
2008-03-20 02:51 . 2008-03-20 02:58 <REP> d-------- D:\Documents and Settings\clement\Application Data\SecondLife
2008-03-16 21:13 . 2008-04-02 09:01 <REP> d-------- D:\Program Files\RamBoost XP
2008-03-15 17:39 . 2008-03-15 17:39 <REP> d-------- D:\Program Files\Apache Software Foundation
2008-03-15 02:26 . 2008-03-15 02:26 0 --a------ D:\WINDOWS\nsreg.dat
2008-03-15 01:18 . 2008-03-29 19:43 <REP> d-------- D:\Program Files\FileZilla FTP Client
2008-03-15 01:12 . 2008-03-15 01:15 <REP> d-------- D:\Documents and Settings\clement\Application Data\Sites
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Dynamique
2008-03-15 01:12 . 2008-03-15 01:12 <REP> d-------- D:\Documents and Settings\clement\Application Data\Classes de site
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\vmntoolbar
2008-03-15 01:11 . 2008-03-15 01:11 <REP> d-------- D:\Program Files\Visicom Media
2008-03-15 01:11 . 2008-04-07 13:53 <REP> d-------- D:\Documents and Settings\clement\Application Data\vmntoolbar
2008-03-14 14:55 . 2008-03-14 14:55 <REP> d-------- D:\Program Files\Vista Buttons Trial
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\PRMT6
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Program Files\Fichiers communs\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\clement\Application Data\PROject MT
2008-03-14 00:28 . 2008-03-14 00:28 <REP> d-------- D:\Documents and Settings\All Users\Application Data\PROject MT
2008-03-13 23:57 . 2008-03-13 23:57 <REP> d-------- D:\Program Files\ThiWeb Live 2
2008-03-13 23:44 . 2008-03-13 23:44 <REP> d-------- D:\Program Files\Antadis
2008-03-13 15:36 . 2008-03-13 15:36 <REP> d-------- D:\Program Files\Pierre Le Muzic - Editeur Fichier CSS
2008-03-13 09:51 . 2008-03-13 09:51 <REP> d-------- D:\Program Files\directx
2008-03-13 09:46 . 2008-03-13 09:46 <REP> d-------- D:\Program Files\Micro Application
2008-03-13 09:46 . 2008-03-13 09:46 40 --a------ D:\WINDOWS\NAVIGMA.INI
2008-03-11 09:54 . 2008-03-11 10:08 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2008-03-09 19:26 . 2008-03-09 19:26 <REP> d-------- D:\Program Files\innotek VirtualBox
2008-03-09 16:43 . 2008-03-09 16:50 <REP> d-------- D:\Program Files\MSN Spy 2004
2008-03-09 07:31 . 2008-04-07 15:08 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-03-09 07:31 . 2008-03-09 07:31 1,409 --a------ D:\WINDOWS\QTFont.for
2008-03-08 17:58 . 2008-03-08 17:58 <REP> d-------- D:\_OTMoveIt
2008-03-08 07:18 . 2008-03-09 07:45 <REP> d-------- D:\WINDOWS\BDOSCAN8
2008-03-07 17:12 . 2008-03-09 19:03 <REP> d-------- D:\Program Files\Navilog1
2008-03-07 16:13 . 2008-03-07 16:13 <REP> d-------- D:\Program Files\Trend Micro
2008-03-07 15:40 . 2008-03-07 16:04 <REP> d-------- D:\Program Files\Lopxp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 13:08 --------- d-----w D:\Program Files\ManyCam 2.1
2008-04-07 13:00 --------- d-----w D:\Program Files\FlashGet
2008-04-06 23:03 --------- d-----w D:\Program Files\DynDNS Updater
2008-04-06 14:26 --------- d-----w D:\Program Files\AxBx
2008-04-06 13:18 --------- d-----w D:\Documents and Settings\clement\Application Data\FileZilla
2008-03-29 17:45 1,146,232 ----a-w D:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w D:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w D:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w D:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w D:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w D:\WINDOWS\system32\AvastSS.scr
2008-03-29 04:38 --------- d-----w D:\Documents and Settings\clement\Application Data\teamspeak2
2008-03-28 17:23 --------- d-----w D:\Program Files\eChanblard
2008-03-26 16:56 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-03-26 10:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-26 00:51 --------- d-----w D:\Program Files\Google
2008-03-23 20:26 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-03-23 18:39 1,122,304 ---h--w D:\WINDOWS\system32\wodfamop.dll
2008-03-13 19:47 --------- d-----w D:\Program Files\Java
2008-03-07 08:16 --------- d-----w D:\Program Files\SUPERAntiSpyware
2008-03-07 08:16 --------- d-----w D:\Documents and Settings\clement\Application Data\SUPERAntiSpyware.com
2008-03-06 10:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-05 13:29 --------- d-----w D:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-05 13:21 --------- d-----w D:\Program Files\Opera
2008-03-04 09:24 --------- d-----w D:\Documents and Settings\All Users\Application Data\HP
2008-03-04 09:23 --------- d-----w D:\Program Files\Fichiers communs\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\HP
2008-03-04 09:22 --------- d-----w D:\Program Files\Hewlett-Packard
2008-03-04 09:21 --------- d-----w D:\Program Files\Fichiers communs\Hewlett-Packard
2008-03-04 03:22 --------- d-----w D:\Program Files\ISO Commander
2008-03-02 01:29 --------- d-----w D:\Program Files\Fichiers communs\Macromedia
2008-03-02 01:28 --------- d-----w D:\Program Files\Macromedia
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Webcammax
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Nero
2008-03-01 10:48 --------- d-----w D:\Documents and Settings\invite\Application Data\Grisoft
2008-03-01 08:58 --------- d-----w D:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-02-27 22:14 --------- d-----w D:\Documents and Settings\clement\Application Data\dvdcss
2008-02-27 16:17 --------- d-----w D:\Program Files\ABC Amber XML Converter
2008-02-26 03:26 --------- d-----w D:\Program Files\CCleaner
2008-02-26 03:22 --------- d-----w D:\Program Files\Morpheus
2008-02-25 22:51 --------- d-----w D:\Program Files\Paltalk Messenger
2008-02-25 22:51 --------- d-----w D:\Documents and Settings\clement\Application Data\Paltalk
2008-02-25 17:09 --------- d-----w D:\Documents and Settings\clement\Application Data\LimeWire
2008-02-25 03:08 --------- d-----w D:\Documents and Settings\clement\Application Data\blaxxun interactive
2008-02-25 03:03 --------- d-----w D:\Program Files\AskPBar
2008-02-24 00:07 --------- d-----w D:\Program Files\WebcamMax
2008-02-23 15:11 --------- d-----w D:\Documents and Settings\clement\Application Data\OtakuSoftware
2008-02-22 21:46 --------- d-----w D:\Program Files\Fichiers communs\DVDVideoSoft
2008-02-22 21:46 --------- d-----w D:\Program Files\DVDVideoSoft
2008-02-22 21:45 --------- d-----w D:\Program Files\OneStopSoft.com
2008-02-22 21:34 --------- d-----w D:\Program Files\MAGIX
2008-02-22 21:34 --------- d-----w D:\Documents and Settings\clement\Application Data\MAGIX
2008-02-22 21:33 --------- d-----w D:\Program Files\Fichiers communs\MAGIX Shared
2008-02-22 21:33 --------- d-----w D:\Documents and Settings\All Users\Application Data\MAGIX
2008-02-20 19:17 40,928 ----a-w D:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-02-20 19:17 27,776 ----a-w D:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-02-20 08:18 --------- d-----w D:\Program Files\CommentCaMarche
2008-02-14 22:03 --------- d-----w D:\Documents and Settings\clement\Application Data\eXPert PDF Editor
2008-02-14 21:52 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF 5
2008-02-14 21:48 --------- d-----w D:\Program Files\Fichiers communs\Nero
2008-02-14 21:48 --------- d-----w D:\Documents and Settings\clement\Application Data\Nero
2008-02-14 21:47 --------- d-----w D:\Program Files\Nero
2008-02-14 21:47 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
2008-02-14 21:40 --------- d-----w D:\Program Files\Visagesoft
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF Jobs
2008-02-14 21:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\eXPert PDF
2008-02-14 21:37 --------- d-----w D:\Program Files\MOVAVI
2008-02-14 21:37 --------- d-----w D:\Program Files\ConvertMovie 5.0
2008-02-14 00:49 --------- d-----w D:\Documents and Settings\clement\Application Data\Dev-Cpp
2008-02-13 17:34 --------- d-----w D:\Program Files\PhotoFiltre
2008-02-13 13:36 13 ---h--w D:\Documents and Settings\All Users\Application Data\1ÌØ13.sys
2008-02-13 13:36 --------- d-----w D:\Program Files\CoffeeCup Software
2008-02-13 12:38 --------- d-----w D:\Program Files\Microsoft Visual Studio .NET
2008-02-13 12:38 --------- d-----w D:\Program Files\Gdot
2008-02-13 12:38 --------- d-----w D:\Program Files\Fichiers communs\Crystal Decisions
2008-02-13 07:42 --------- d-----w D:\Program Files\Alwil Software
2008-02-12 22:56 --------- d-----w D:\Program Files\PDFCreator
2008-02-12 19:20 --------- d-----w D:\Program Files\PDFapps Convert PDF to HTML 2.0
2008-02-12 13:19 --------- d-----w D:\Documents and Settings\clement\Application Data\Nvu
2008-02-11 20:52 --------- d-----w D:\Program Files\LimeWire
2008-02-11 02:00 --------- d-----w D:\Program Files\MSXML 4.0
2008-02-10 22:19 3,452 --sha-w D:\WINDOWS\system32\KGyGaAvL.sys
2008-02-10 22:18 --------- d-----w D:\Documents and Settings\clement\Application Data\Corel
2008-02-10 18:21 --------- d-----w D:\Program Files\iTunes
2008-02-10 18:21 --------- d-----w D:\Program Files\iPod
2008-02-10 18:21 --------- d-----w D:\Program Files\Bonjour
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\clement\Application Data\Apple Computer
2008-02-10 18:21 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-10 18:20 --------- d-----w D:\Program Files\QuickTime
2008-02-10 18:19 --------- d-----w D:\Program Files\Apple Software Update
2008-02-10 18:18 --------- d-----w D:\Program Files\Fichiers communs\Apple
2008-02-10 18:18 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple
2008-02-10 11:03 --------- d-----w D:\Documents and Settings\All Users\Application Data\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Fichiers communs\Corel
2008-02-10 11:02 --------- d-----w D:\Program Files\Corel
2008-02-09 03:32 --------- d-----w D:\Program Files\Teleport Pro
2008-02-09 02:00 --------- d-----w D:\Program Files\MSXML 6.0
2008-02-08 19:36 --------- d-----w D:\Program Files\WinHTTrack
2008-02-08 19:30 --------- d-----w D:\Program Files\MorpheusBar
2008-02-08 12:33 --------- d-----w D:\Program Files\ParallelGraphics
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-10-24 16:27 1918936 --a------ D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-10-24 16:27 1918936]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 16:03 5724184]
"ManyCam"="D:\Program Files\ManyCam 2.1\ManyCam.exe" [2007-08-20 12:44 1515520]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07 196608]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"WebcamMaxMoniter"="D:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
"vspdfprsrv.exe"="D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-07-02 20:58 966656]
"TrayServer"="D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe" [2007-07-17 14:58 90112]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 22:34 868352]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2008-02-10 19:59 385024]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"JMB36X IDE Setup"="D:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 15:36 36864]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Flashget"="D:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 10:10 2007088]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Autoconfigurateur WiFi Neuf"="D:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06 181752]
"36X Raid Configurer"="D:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 17:23 1953792]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
"DWQueuedReporting"="D:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-11-06 16:03 5724184]
D:\Documents and Settings\clement\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Raccourci (2) vers chatserv.lnk - C:\chatserv4\chatserv.exe [2007-12-30 12:36:29 1855526]
Raccourci (3) vers chatserv.lnk - C:\chatserv9\chatserv.exe [2007-12-30 12:36:39 1855526]
Raccourci vers chatserv.lnk - C:\chatserv6\chatserv.exe [2007-12-30 12:36:34 1855526]
Raccourci vers chatserv5.lnk - C:\chatserv_bleu\chatserv.exe [2008-02-20 14:49:16 1855526]
TribalWeb.lnk - D:\Program Files\TribalWeb\tribalweb.exe [2008-03-22 00:20:37 1077248]
D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 20:50:52 53248]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 20:28:24 258048]
Outil de mise … jour Google.lnk - D:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-26 02:50:34 124400]
WinZip Quick Pick.lnk - D:\Program Files\WinZip\WZQKPICK.EXE [2007-06-06 12:10:02 394856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= lvcodec2.dll
"MSVideo"= vfwwdm32.dll
"MSVideo8"= VfWWDM32.dll
"vidc.tscc"= tsccvid.dll
"vidc.LEAD"= LCODCCMP.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\chatserv9\\chatserv.exe"=
"C:\\chatserv4\\chatserv.exe"=
"C:\\chatserv2\\chatserv.exe"=
"C:\\chat.scania\\chat.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\French\\setup.exe"=
"C:\\chatserv6\\chatserv.exe"=
"D:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"D:\\chat.scan\\chat.exe"=
"D:\\chat.scania\\chat.exe"=
"D:\\Program Files\\eChanblard\\emule.exe"=
"D:\\Program Files\\Morpheus\\Morpheus.exe"=
"D:\\Program Files\\Internet Explorer\\iexplore.exe"=
"D:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"D:\\Program Files\\innotek VirtualBox\\VirtualBox.exe"=
"C:\\chatserv_bleu\\chatserv.exe"=
"D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
"D:\\chatserv\\chatserv.exe"=
"D:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"D:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"D:\\Program Files\\TribalWeb\\tribalweb.exe"=
"D:\\Program Files\\Yooda\\SeeUrankV3\\SeeUrank.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\JSAS\\http_root\\usr\\local\\mysql\\bin\\mysqld-opt.exe"=
"D:\\WINDOWS\\system32\\%%%.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7890:TCP"= 7890:TCP:e3
"7890:UDP"= 7890:UDP:e4
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 VBoxDrv;VirtualBox Service;D:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-02-20 21:17]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;D:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-02-20 21:17]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;D:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 14:17]
R3 PCASp50;PCASp50 NDIS Protocol Driver;D:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;D:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 16:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 SjyPkt;SjyPkt;D:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 05:39]
S3 VBoxTAP;VirtualBox TAP Adapter;D:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2007-09-03 18:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa35ab71-c10a-11dc-8d72-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5a2d3a6-c126-11dc-97b0-00146c722b84}]
\Shell\AutoRun\command - setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-02 20:08:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-07 05:43:19 D:\WINDOWS\Tasks\User_Feed_Synchronization-{25E3F2BE-EC8D-4DBB-AF4F-599536C5B7CB}.job"
- D:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-07 15:15:14
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-07 15:17:28
ComboFix-quarantined-files.txt 2008-04-07 13:17:26
ComboFix2.txt 2008-04-07 12:38:03
ComboFix3.txt 2008-04-07 12:34:08
ComboFix4.txt 2008-03-08 15:50:59
ComboFix5.txt 2008-03-08 09:38:01
Pre-Run: 104,544,759,808 octets libres
Post-Run: 104,530,518,016 octets libres
.
2008-03-12 07:03:31 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:05, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PSIService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\WebcamMax\wcmmon.exe
D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\FlashGet\FlashGet.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Neuf\Kit\WiFi\9wifi.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\ManyCam 2.1\ManyCam.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\chatserv4\chatserv.exe
C:\chatserv9\chatserv.exe
C:\chatserv6\chatserv.exe
C:\chatserv_bleu\chatserv.exe
D:\Program Files\TribalWeb\tribalweb.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\MonJack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - D:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - D:\Program Files\PRMT6\PRMTIE\prmtie.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WebcamMaxMoniter] "D:\Program Files\WebcamMax\wcmmon.exe" /a
O4 - HKLM\..\Run: [vspdfprsrv.exe] D:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] D:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "D:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [36X Raid Configurer] D:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ManyCam] "D:\Program Files\ManyCam 2.1\ManyCam.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Raccourci (2) vers chatserv.lnk = C:\chatserv4\chatserv.exe
O4 - Startup: Raccourci (3) vers chatserv.lnk = C:\chatserv9\chatserv.exe
O4 - Startup: Raccourci vers chatserv.lnk = C:\chatserv6\chatserv.exe
O4 - Startup: Raccourci vers chatserv5.lnk = C:\chatserv_bleu\chatserv.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - D:\Program Files\PRMT6\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - D:\Program Files\PRMT6\PRMTIE\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - https://resources.flexera.com/web/installengine/engine/isetupml.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - D:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
