A voir également:
- Virus raila olinga
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Virus facebook demande d'amis - Accueil - Facebook
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
24 réponses
Salut,
Télécharges et installes le logiciel HijackThis :
ici :ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici : http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
1-Cliquer sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin tu dois avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .
Important :
Renommer le prg HijackThis :
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---cliques droit sur ce dernier et choisis "renommer" : tapes monjack et valides .
tuto pour utilisation
Regardes ici, c'est parfaitement expliqué en images :
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
2-!!Déconnectes toi et fermes toute tes applications en cours !!
Cliques sur le raccourci du bureau pour lancer le prg :
fais un scan "monjack" (ou HijackThis renommé) en cliquant sur : "Do a system scan and save a logfile"
---> Postes le rapport généré pour analyse ...
Télécharges et installes le logiciel HijackThis :
ici :ftp://ftp.commentcamarche.com/download/HJTInstall.exe
ou ici : http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
1-Cliquer sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation .
A la fin tu dois avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .
Important :
Renommer le prg HijackThis :
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---cliques droit sur ce dernier et choisis "renommer" : tapes monjack et valides .
tuto pour utilisation
Regardes ici, c'est parfaitement expliqué en images :
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
2-!!Déconnectes toi et fermes toute tes applications en cours !!
Cliques sur le raccourci du bureau pour lancer le prg :
fais un scan "monjack" (ou HijackThis renommé) en cliquant sur : "Do a system scan and save a logfile"
---> Postes le rapport généré pour analyse ...
pertorio
Messages postés
36
Statut
Membre
merci j'ai collé le rapport qu est ce que je fais maintenant?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:01, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\system32\drivers\$«$r.exe
E:\WINDOWS\system32\drivers\+¦{ÔM_«Þ.exe
E:\WINDOWS\system32\drivers\AVANT PROPOS.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Netscape\Navigator 9\navigator.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Scan saved at 22:36:01, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\system32\drivers\$«$r.exe
E:\WINDOWS\system32\drivers\+¦{ÔM_«Þ.exe
E:\WINDOWS\system32\drivers\AVANT PROPOS.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Netscape\Navigator 9\navigator.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Si seulement il n'y avait que Raila ... ;) il y a du boulot lol
Commences par ce-ci :
---> télécharger ce patch sur ton Bureau :
http://www.net-studio.org/application/ropatsa.php
Décompresses le ( = clique droit/extraire tout ) sur ton bureau .
Puis double-clique dessus pour le lancer et laisses faire ...
Une fois finit , redémarres ton PC et fais un nouveau scan Hijackthis .
Postes moi le rapport obtenu pour analyse et attends la suite car ton PC est bourré d'infection ...
Commences par ce-ci :
---> télécharger ce patch sur ton Bureau :
http://www.net-studio.org/application/ropatsa.php
Décompresses le ( = clique droit/extraire tout ) sur ton bureau .
Puis double-clique dessus pour le lancer et laisses faire ...
Une fois finit , redémarres ton PC et fais un nouveau scan Hijackthis .
Postes moi le rapport obtenu pour analyse et attends la suite car ton PC est bourré d'infection ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:37, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
D:\Program Files\eMule\emule.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\system32\drivers\$«$r.exe
E:\WINDOWS\system32\drivers\+¦{ÔM_«Þ.exe
E:\WINDOWS\system32\drivers\AVANT PROPOS.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Scan saved at 23:06:37, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
D:\Program Files\eMule\emule.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\system32\drivers\$«$r.exe
E:\WINDOWS\system32\drivers\+¦{ÔM_«Þ.exe
E:\WINDOWS\system32\drivers\AVANT PROPOS.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\drivers\projet aquilas.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Fais ce-ci :
1-Avoir accès aux fichiers cachés :
Vas dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
2- Connectes tout unitées externes que tu as suseptibles d'être touchées par le virus ( clé USB, DD extern, lect. mp3 ) mais sans les ouvrir !...
3- reprends ce-ci :
* Impératif : Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)
-->double-clique sur le patch que tu as télécharger pour le lancer et laisses faire ...
Une fois finit , redémarres ton PC et fais un nouveau scan Hijackthis .
Postes moi le rapport obtenu pour analyse et attends la suite ...
1-Avoir accès aux fichiers cachés :
Vas dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )
2- Connectes tout unitées externes que tu as suseptibles d'être touchées par le virus ( clé USB, DD extern, lect. mp3 ) mais sans les ouvrir !...
3- reprends ce-ci :
* Impératif : Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)
-->double-clique sur le patch que tu as télécharger pour le lancer et laisses faire ...
Une fois finit , redémarres ton PC et fais un nouveau scan Hijackthis .
Postes moi le rapport obtenu pour analyse et attends la suite ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:07, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\eMule\emule.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Scan saved at 23:48:07, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\eMule\emule.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Pas terrible le patch lol
fesons autrement :
Télécharges RavAntivirus d'Evosla sur ton bureau :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
Déconectes toi et fermes toutes tes applications en cours .
!!IMPORTANT : Si tu as une clé USB, disque dur externe, etc, branches-les à ton PC (sans les ouvrir) avant de lancer ce FIX !!
--->Fais un clic droit sur le fichier .ZIP : "Extraire tout" --> sur le Bureau
Puis doucle-cliques sur RAV.exe afin de lancer l'outil.
Une fois RAV ANTIVIRUS lancé, laisse-le faire : il scanne automatiquement tout les lecteurs (disques dur et amovibles)
---> Si il détecte une infection : un rapport s'établira, sinon le soft affichera (rapidement) ce-ci "Votre Ordinateur est sain" .
Enfin ,tu retires tes disques amovibles et redémarres PC .
Puis postes le rapport si il y a infection ...
Postes aussi un nouvel hijackthis stp ...
A demain cette fois ^^
fesons autrement :
Télécharges RavAntivirus d'Evosla sur ton bureau :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
Déconectes toi et fermes toutes tes applications en cours .
!!IMPORTANT : Si tu as une clé USB, disque dur externe, etc, branches-les à ton PC (sans les ouvrir) avant de lancer ce FIX !!
--->Fais un clic droit sur le fichier .ZIP : "Extraire tout" --> sur le Bureau
Puis doucle-cliques sur RAV.exe afin de lancer l'outil.
Une fois RAV ANTIVIRUS lancé, laisse-le faire : il scanne automatiquement tout les lecteurs (disques dur et amovibles)
---> Si il détecte une infection : un rapport s'établira, sinon le soft affichera (rapidement) ce-ci "Votre Ordinateur est sain" .
Enfin ,tu retires tes disques amovibles et redémarres PC .
Puis postes le rapport si il y a infection ...
Postes aussi un nouvel hijackthis stp ...
A demain cette fois ^^
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:01, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Windows Live\Contrôle parental\fssui.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\eMule\emule.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Netscape\Navigator 9\navigator.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7595AF-AFD5-40F5-94D8-409AA617B579}: NameServer = 213.136.96.2 213.136.96.37
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Scan saved at 19:16:01, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\Windows Live\Contrôle parental\fssui.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\eMule\emule.exe
E:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Netscape\Navigator 9\navigator.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7595AF-AFD5-40F5-94D8-409AA617B579}: NameServer = 213.136.96.2 213.136.96.37
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - E:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Et oui toujours là ... ^^
1- on va faire parvenir la bestiol chez des spécialistes ( tu as un variante mal connu du virus )
Rends toi sur ce site :
http://secubox.gateweb.org/mad.php
Dans la venêtre " Veuillez sélectionner votre fichier " , copies/colle exactement ce qui suit :
E:\WINDOWS\system32\drivers\projet aquilas
Et dans la fenêtre " Veuillez indiquer ci-dessous le message destiné à notre équipe " tu copies/colles ce-ci :
Une nouvelle variante de Ralia Ondiga ?
Une fois ce-ci fais ,
2- Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche :
E:\WINDOWS\system32\drivers\projet aquilas
Cliques sur Send File.
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copies le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Fais de même pour :
E:\Program Files\Fritivi\fritivi_recorder.exe
---> postes moi donc ces 2 rapports ( en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...
1- on va faire parvenir la bestiol chez des spécialistes ( tu as un variante mal connu du virus )
Rends toi sur ce site :
http://secubox.gateweb.org/mad.php
Dans la venêtre " Veuillez sélectionner votre fichier " , copies/colle exactement ce qui suit :
E:\WINDOWS\system32\drivers\projet aquilas
Et dans la fenêtre " Veuillez indiquer ci-dessous le message destiné à notre équipe " tu copies/colles ce-ci :
Une nouvelle variante de Ralia Ondiga ?
Une fois ce-ci fais ,
2- Rends toi sur ce site :
https://www.virustotal.com/gui/
Copies ce qui suit et colles le dans l'espace pour la recherche :
E:\WINDOWS\system32\drivers\projet aquilas
Cliques sur Send File.
Un rapport va s'élaborer ligne à ligne.
Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.
Sauvegarde le rapport avec le bloc-note.
Copies le dans ta prochaine réponse ...
( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )
Fais de même pour :
E:\Program Files\Fritivi\fritivi_recorder.exe
---> postes moi donc ces 2 rapports ( en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...
File fritivi_recorder.exe received on 07.17.2008 15:43:59 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/33 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2008.7.17.0 2008.07.17 -
AntiVir 7.8.0.68 2008.07.17 -
Authentium 5.1.0.4 2008.07.16 -
Avast 4.8.1195.0 2008.07.17 -
AVG 8.0.0.130 2008.07.17 -
BitDefender 7.2 2008.07.17 -
CAT-QuickHeal 9.50 2008.07.16 -
ClamAV 0.93.1 2008.07.17 -
DrWeb 4.44.0.09170 2008.07.17 -
eSafe 7.0.17.0 2008.07.17 -
eTrust-Vet 31.6.5962 2008.07.17 -
Ewido 4.0 2008.07.17 -
F-Prot 4.4.4.56 2008.07.16 -
F-Secure 7.60.13501.0 2008.07.17 -
Fortinet 3.14.0.0 2008.07.17 -
GData 2.0.7306.1023 2008.07.17 -
Ikarus T3.1.1.34.0 2008.07.17 -
Kaspersky 7.0.0.125 2008.07.17 -
McAfee 5340 2008.07.16 -
Microsoft 1.3704 2008.07.17 -
NOD32v2 3276 2008.07.17 -
Norman 5.80.02 2008.07.16 -
Panda 9.0.0.4 2008.07.16 -
Prevx1 V2 2008.07.17 -
Rising 20.53.32.00 2008.07.17 -
Sophos 4.31.0 2008.07.17 -
Sunbelt 3.1.1536.1 2008.07.17 -
Symantec 10 2008.07.17 -
TheHacker 6.2.96.381 2008.07.16 -
TrendMicro 8.700.0.1004 2008.07.17 -
VBA32 3.12.8.0 2008.07.17 -
VirusBuster 4.5.11.0 2008.07.16 -
Webwasher-Gateway 6.6.2 2008.07.17 -
Additional information
File size: 1255936 bytes
MD5...: 9f818d74e2e9869b8f3d23f51055f247
SHA1..: 7647d69d26de5873aefc0e43a5e7908c9d117d40
SHA256: e1e85df88bb1fe87951261e0e964e6a7cab5b6795bfc6f1fc44924c37664ec57
SHA512: 1f6ea9f421013fdd989efbaf7ca1f89b37e5a1dd3dcabd532114efc4ebedd5ba
896418536fd481b277a5bd9efc3e061813d364fe1b91d13667aa39468b124ec7
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4d01a8
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xcf300 0xcf400 6.53 8622e4709f0af7c8815199e372670621
DATA 0xd1000 0x3120 0x3200 5.02 e97b6ec8fcfa82b02e0b06404cd8380f
BSS 0xd5000 0x1ded 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd7000 0x2b88 0x2c00 5.02 87b9373f435d95b5a3e410deab1cfda3
.tls 0xda000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xdb000 0x18 0x200 0.20 7b00eb98e642fbbf88d1dfaa1e0a40ed
.reloc 0xdc000 0xe284 0xe400 6.63 4ec386d399b2d5e9ffa43145b9870333
.rsrc 0xeb000 0x4ee00 0x4ee00 5.56 c82361011e21b958362e2292acbb4b52
( 19 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
> kernel32.dll: lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetWaitableTimer, SetThreadLocale, SetSystemPowerState, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseSemaphore, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, OpenSemaphoreA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcessTimes, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDiskFreeSpaceExA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindNextChangeNotification, FindFirstFileA, FindFirstChangeNotificationA, FindCloseChangeNotification, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateWaitableTimerA, CreateThread, CreateSemaphoreA, CreateProcessA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CompareStringA, CloseHandle, CancelWaitableTimer
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreatePen, ExcludeClipRect, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> shell32.dll: Shell_NotifyIconA, ShellExecuteA
> shell32.dll: SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA
> comdlg32.dll: GetOpenFileNameA
> kernel32.dll: MulDiv
( 0 exports )
c'est le deuxième fichier(fritivi)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/33 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2008.7.17.0 2008.07.17 -
AntiVir 7.8.0.68 2008.07.17 -
Authentium 5.1.0.4 2008.07.16 -
Avast 4.8.1195.0 2008.07.17 -
AVG 8.0.0.130 2008.07.17 -
BitDefender 7.2 2008.07.17 -
CAT-QuickHeal 9.50 2008.07.16 -
ClamAV 0.93.1 2008.07.17 -
DrWeb 4.44.0.09170 2008.07.17 -
eSafe 7.0.17.0 2008.07.17 -
eTrust-Vet 31.6.5962 2008.07.17 -
Ewido 4.0 2008.07.17 -
F-Prot 4.4.4.56 2008.07.16 -
F-Secure 7.60.13501.0 2008.07.17 -
Fortinet 3.14.0.0 2008.07.17 -
GData 2.0.7306.1023 2008.07.17 -
Ikarus T3.1.1.34.0 2008.07.17 -
Kaspersky 7.0.0.125 2008.07.17 -
McAfee 5340 2008.07.16 -
Microsoft 1.3704 2008.07.17 -
NOD32v2 3276 2008.07.17 -
Norman 5.80.02 2008.07.16 -
Panda 9.0.0.4 2008.07.16 -
Prevx1 V2 2008.07.17 -
Rising 20.53.32.00 2008.07.17 -
Sophos 4.31.0 2008.07.17 -
Sunbelt 3.1.1536.1 2008.07.17 -
Symantec 10 2008.07.17 -
TheHacker 6.2.96.381 2008.07.16 -
TrendMicro 8.700.0.1004 2008.07.17 -
VBA32 3.12.8.0 2008.07.17 -
VirusBuster 4.5.11.0 2008.07.16 -
Webwasher-Gateway 6.6.2 2008.07.17 -
Additional information
File size: 1255936 bytes
MD5...: 9f818d74e2e9869b8f3d23f51055f247
SHA1..: 7647d69d26de5873aefc0e43a5e7908c9d117d40
SHA256: e1e85df88bb1fe87951261e0e964e6a7cab5b6795bfc6f1fc44924c37664ec57
SHA512: 1f6ea9f421013fdd989efbaf7ca1f89b37e5a1dd3dcabd532114efc4ebedd5ba
896418536fd481b277a5bd9efc3e061813d364fe1b91d13667aa39468b124ec7
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4d01a8
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0xcf300 0xcf400 6.53 8622e4709f0af7c8815199e372670621
DATA 0xd1000 0x3120 0x3200 5.02 e97b6ec8fcfa82b02e0b06404cd8380f
BSS 0xd5000 0x1ded 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd7000 0x2b88 0x2c00 5.02 87b9373f435d95b5a3e410deab1cfda3
.tls 0xda000 0x10 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xdb000 0x18 0x200 0.20 7b00eb98e642fbbf88d1dfaa1e0a40ed
.reloc 0xdc000 0xe284 0xe400 6.63 4ec386d399b2d5e9ffa43145b9870333
.rsrc 0xeb000 0x4ee00 0x4ee00 5.56 c82361011e21b958362e2292acbb4b52
( 19 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
> kernel32.dll: lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetWaitableTimer, SetThreadLocale, SetSystemPowerState, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReleaseSemaphore, ReadFile, QueryPerformanceFrequency, QueryPerformanceCounter, OpenSemaphoreA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcessTimes, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDiskFreeSpaceExA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindNextChangeNotification, FindFirstFileA, FindFirstChangeNotificationA, FindCloseChangeNotification, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteFileA, DeleteCriticalSection, CreateWaitableTimerA, CreateThread, CreateSemaphoreA, CreateProcessA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CompareStringA, CloseHandle, CancelWaitableTimer
> version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
> gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExtCreatePen, ExcludeClipRect, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt
> user32.dll: WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
> kernel32.dll: Sleep
> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit
> ole32.dll: CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoTaskMemFree, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
> oleaut32.dll: GetErrorInfo, GetActiveObject, SysFreeString
> comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
> shell32.dll: Shell_NotifyIconA, ShellExecuteA
> shell32.dll: SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder, SHBrowseForFolderA
> comdlg32.dll: GetOpenFileNameA
> kernel32.dll: MulDiv
( 0 exports )
c'est le deuxième fichier(fritivi)
Je m'en doutais un peu ... Rien la dessus :-/
passons à autre chose :
Télécharge OAD ( par !aur3n7) : http://sosvirus.changelog.fr/OAD.exe
----> Enregistre le sur ton bureau .
Double clique sur l'icone OAD pour le lancer
- nom du fichier à rechercher --->tape ou fais un copier coller de : projet aquilas
- Type de recherche : sélectionne l'option 6 puis valide ["entrée"]
OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.
Note : suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient ...
- Sauvegardes ce rapport sur ton Bureau et fais un copier / coller de celui-c dans ton prochain post.
passons à autre chose :
Télécharge OAD ( par !aur3n7) : http://sosvirus.changelog.fr/OAD.exe
----> Enregistre le sur ton bureau .
Double clique sur l'icone OAD pour le lancer
- nom du fichier à rechercher --->tape ou fais un copier coller de : projet aquilas
- Type de recherche : sélectionne l'option 6 puis valide ["entrée"]
OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé.
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé.
Note : suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient ...
- Sauvegardes ce rapport sur ton Bureau et fais un copier / coller de celui-c dans ton prochain post.
salut.excuse de ne pas l'avoir fait hier j'avais un probleme de serveur.voici le rapport
18/07/2008 ---- 14:18:08,79
----------------------------------
§§§§§§ [projet aquilas ] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
18/07/2008 ---- 14:18:08,79
----------------------------------
§§§§§§ [projet aquilas ] §§§§§§
----------------------------------
[X] Registre
-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete
********************
[Registre]
********************
Aucune entrée détectée
*******************
[Fichier]
*******************
*********************
[Même date]
*********************
Aucun fichier créé à la même date détecté
Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
Bon cela n'a rien donner ... :-( ...
On va s'occuper du reste et on verra cela après :
Télécharges ToolBar S&D ( de Eric_71 ) :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!
* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
On va s'occuper du reste et on verra cela après :
Télécharges ToolBar S&D ( de Eric_71 ) :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!
* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
-----------\\ ToolBar S&D 1.0.5 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : manlan 1 ] [ "E:\Toolbar SD" ] [ Selection : 1 ]
[ 18/07/2008 | 17:27:09,12 ] [ PC : MANLAN ]
[ MAJ : 16-07-2008 | 1:40 ]
-----------\\ Recherche de Fichiers / Dossiers ...
E:\Program Files\AskSBar
E:\Program Files\AskSBar\bar
E:\Program Files\AskSBar\SrchAstt
E:\Program Files\AskTBar
E:\Program Files\AskTBar\bar
E:\Program Files\AskTBar\PopSwatr
E:\Program Files\Crawler
E:\Program Files\Crawler\Download
E:\Program Files\Crawler\Toolbar
E:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
\...\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - (ytoolbar)
-----------\\ Extensions
(manlan 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(manlan 1) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} => mybabylon
(manlan 1) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="E:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
-----------\\ Fin du rapport a 17:28:16,50
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : manlan 1 ] [ "E:\Toolbar SD" ] [ Selection : 1 ]
[ 18/07/2008 | 17:27:09,12 ] [ PC : MANLAN ]
[ MAJ : 16-07-2008 | 1:40 ]
-----------\\ Recherche de Fichiers / Dossiers ...
E:\Program Files\AskSBar
E:\Program Files\AskSBar\bar
E:\Program Files\AskSBar\SrchAstt
E:\Program Files\AskTBar
E:\Program Files\AskTBar\bar
E:\Program Files\AskTBar\PopSwatr
E:\Program Files\Crawler
E:\Program Files\Crawler\Download
E:\Program Files\Crawler\Toolbar
E:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
\...\{635abd67-4fe9-1b23-4f01-e679fa7484c1} - (ytoolbar)
-----------\\ Extensions
(manlan 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(manlan 1) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} => mybabylon
(manlan 1) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="E:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
-----------\\ Fin du rapport a 17:28:16,50
Nettoyage avec ToolBar S&D :
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!
Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...
( PS : Si ton Bureau ne réapparait pas, appuies simultanément sur "Ctrl+Alt+Supp"r pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tapes explorer puis valides ... )
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!
Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...
( PS : Si ton Bureau ne réapparait pas, appuies simultanément sur "Ctrl+Alt+Supp"r pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tapes explorer puis valides ... )
rapport de toolbar s&d
-----------\\ ToolBar S&D 1.0.5 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : manlan 1 ] [ "E:\Toolbar SD" ] [ Selection : 2 ]
[ 18/07/2008 | 17:46:23,78 ] [ PC : MANLAN ]
[ MAJ : 16-07-2008 | 1:40 ]
-----------\\ SUPPRESSION
Supprime! - E:\Program Files\AskSBar\bar
Supprime! - E:\Program Files\AskSBar\SrchAstt
Supprime! - E:\Program Files\AskTBar\bar
Supprime! - E:\Program Files\AskTBar\PopSwatr
Supprime! - E:\Program Files\Crawler\Download
Supprime! - E:\Program Files\Crawler\Toolbar
Supprime! - E:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
Supprime! - E:\Program Files\AskSBar
Supprime! - E:\Program Files\AskTBar
Supprime! - E:\Program Files\Crawler
Supprime! - E:\DOCUME~1\MANLAN~1\APPLIC~1\Mozilla\Firefox\Profiles\JVALPF~1.DEF\EXTENS~1\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(manlan 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(manlan 1) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} => mybabylon
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="E:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
-----------\\ Fin du rapport a 17:47:40,31
-----------\\ ToolBar S&D 1.0.5 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : manlan 1 ] [ "E:\Toolbar SD" ] [ Selection : 2 ]
[ 18/07/2008 | 17:46:23,78 ] [ PC : MANLAN ]
[ MAJ : 16-07-2008 | 1:40 ]
-----------\\ SUPPRESSION
Supprime! - E:\Program Files\AskSBar\bar
Supprime! - E:\Program Files\AskSBar\SrchAstt
Supprime! - E:\Program Files\AskTBar\bar
Supprime! - E:\Program Files\AskTBar\PopSwatr
Supprime! - E:\Program Files\Crawler\Download
Supprime! - E:\Program Files\Crawler\Toolbar
Supprime! - E:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
Supprime! - E:\Program Files\AskSBar
Supprime! - E:\Program Files\AskTBar
Supprime! - E:\Program Files\Crawler
Supprime! - E:\DOCUME~1\MANLAN~1\APPLIC~1\Mozilla\Firefox\Profiles\JVALPF~1.DEF\EXTENS~1\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(manlan 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(manlan 1) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} => mybabylon
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="E:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
-----------\\ Fin du rapport a 17:47:40,31
rapport de l'analyse de hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:10, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\WgaTray.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Netscape\Navigator 9\navigator.exe
E:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7595AF-AFD5-40F5-94D8-409AA617B579}: NameServer = 213.136.96.2 213.136.96.37
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:10, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\system32\WgaTray.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Netscape\Navigator 9\navigator.exe
E:\Program Files\Thomson\SpeedTouch USB\stdialup.exe
E:\WINDOWS\explorer.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7595AF-AFD5-40F5-94D8-409AA617B579}: NameServer = 213.136.96.2 213.136.96.37
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Peux tu refaire ce-ci :
Nettoyage avec ToolBar S&D en mode sans échec :
Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)
Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : Sauvegardes le de façon à le retrouvé
Redémarres ton PC ( retoure mode normale )
Poste le rapport sauvegardé accompagné d'un nouveau rapport hijackthis pour analyse ...
Nettoyage avec ToolBar S&D en mode sans échec :
Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
( ps : n'oublies pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessous ...)
Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : Sauvegardes le de façon à le retrouvé
Redémarres ton PC ( retoure mode normale )
Poste le rapport sauvegardé accompagné d'un nouveau rapport hijackthis pour analyse ...
rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:16, on 19/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:16, on 19/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
rapport toolbar s&d
-----------\\ ToolBar S&D 1.0.5 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : manlan 1 ] [ "E:\Toolbar SD" ] [ Selection : 2 ]
[ 19/07/2008 | 20:00:32,76 ] [ PC : MANLAN ]
[ MAJ : 16-07-2008 | 1:40 ]
-----------\\ SUPPRESSION
Supprime! - E:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(manlan 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(manlan 1) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} => mybabylon
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="E:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
-----------\\ Fin du rapport a 20:02:22,78
-----------\\ ToolBar S&D 1.0.5 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : manlan 1 ] [ "E:\Toolbar SD" ] [ Selection : 2 ]
[ 19/07/2008 | 20:00:32,76 ] [ PC : MANLAN ]
[ MAJ : 16-07-2008 | 1:40 ]
-----------\\ SUPPRESSION
Supprime! - E:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(manlan 1) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(manlan 1) - {34ea1c70-42cc-42c5-aa29-ec58b95a343e} => mybabylon
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="E:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
-----------\\ Fin du rapport a 20:02:22,78
bien ... fais ce qui suit maintenant pour voir :
Télécharges VirtumundoBegone sur ton bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
!! Ce déconnecter et fermer toute ces applications le temps de la manipe !!
Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau .
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).
Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...
Télécharges VirtumundoBegone sur ton bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
!! Ce déconnecter et fermer toute ces applications le temps de la manipe !!
Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau .
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).
Postes le rapport VBG accompagné d'un nouveau rapport Hijackthis pour analyse ...
rapport VBG
[07/20/2008, 21:46:40] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\manlan 1\Bureau\VirtumundoBeGone.exe" )
[07/20/2008, 21:46:54] - Detected System Information:
[07/20/2008, 21:46:54] - Windows Version: 5.1.2600, Service Pack 2
[07/20/2008, 21:46:54] - Current Username: manlan 1 (Admin)
[07/20/2008, 21:46:54] - Windows is in NORMAL mode.
[07/20/2008, 21:46:54] - Searching for Browser Helper Objects:
[07/20/2008, 21:46:54] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/20/2008, 21:46:54] - BHO 2: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (Adobe PDF Link Helper)
[07/20/2008, 21:46:54] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - BHO 4: {259F616C-A300-44F5-B04A-ED001A26C85C} (SolidConverter PDF)
[07/20/2008, 21:46:54] - BHO 5: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (Windows Live OneCare Family Safety Browser Helper Class)
[07/20/2008, 21:46:54] - BHO 6: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO Class)
[07/20/2008, 21:46:54] - BHO 7: {706A12C8-039C-4BC0-8A92-04C1A6373066} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/20/2008, 21:46:54] - BHO 9: {7c5c0f58-e061-457d-9033-77307f5ed00c} (TorrentMan Toolbar)
[07/20/2008, 21:46:54] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/20/2008, 21:46:54] - BHO 12: {a6e4a4eb-d169-4e99-8988-250fcbafe767} (isoHunt Toolbar)
[07/20/2008, 21:46:54] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/20/2008, 21:46:54] - BHO 14: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - Finished Searching Browser Helper Objects
[07/20/2008, 21:46:54] - Finishing up...
[07/20/2008, 21:46:54] - Nothing found! Exiting...
[07/20/2008, 21:46:40] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\manlan 1\Bureau\VirtumundoBeGone.exe" )
[07/20/2008, 21:46:54] - Detected System Information:
[07/20/2008, 21:46:54] - Windows Version: 5.1.2600, Service Pack 2
[07/20/2008, 21:46:54] - Current Username: manlan 1 (Admin)
[07/20/2008, 21:46:54] - Windows is in NORMAL mode.
[07/20/2008, 21:46:54] - Searching for Browser Helper Objects:
[07/20/2008, 21:46:54] - BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} (&Yahoo! Toolbar Helper)
[07/20/2008, 21:46:54] - BHO 2: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (Adobe PDF Link Helper)
[07/20/2008, 21:46:54] - BHO 3: {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - BHO 4: {259F616C-A300-44F5-B04A-ED001A26C85C} (SolidConverter PDF)
[07/20/2008, 21:46:54] - BHO 5: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (Windows Live OneCare Family Safety Browser Helper Class)
[07/20/2008, 21:46:54] - BHO 6: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO Class)
[07/20/2008, 21:46:54] - BHO 7: {706A12C8-039C-4BC0-8A92-04C1A6373066} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[07/20/2008, 21:46:54] - BHO 9: {7c5c0f58-e061-457d-9033-77307f5ed00c} (TorrentMan Toolbar)
[07/20/2008, 21:46:54] - BHO 10: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - BHO 11: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[07/20/2008, 21:46:54] - BHO 12: {a6e4a4eb-d169-4e99-8988-250fcbafe767} (isoHunt Toolbar)
[07/20/2008, 21:46:54] - BHO 13: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[07/20/2008, 21:46:54] - BHO 14: {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} ()
[07/20/2008, 21:46:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[07/20/2008, 21:46:54] - No filename found. Continuing.
[07/20/2008, 21:46:54] - Finished Searching Browser Helper Objects
[07/20/2008, 21:46:54] - Finishing up...
[07/20/2008, 21:46:54] - Nothing found! Exiting...
rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:44, on 20/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:44, on 20/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F3AEF888-A3E2-44EB-BD85-F0C85BA7673F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Salut .
Bon ...continuons :
Télécharges MalwareByte's :
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php
Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour .
Potasses le tuto pour te familiariser avec le prg : https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).
Impératif : redémarres en mode sans échec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)
Lances Malwarebyte's .
Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan ) et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les objets infectés soient validés, puis click sur " suppression " .
Redémarres ton PC ( mode normal ).
Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...
Bon ...continuons :
Télécharges MalwareByte's :
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php
Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour .
Potasses le tuto pour te familiariser avec le prg : https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).
Impératif : redémarres en mode sans échec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)
Lances Malwarebyte's .
Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan ) et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les objets infectés soient validés, puis click sur " suppression " .
Redémarres ton PC ( mode normal ).
Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...
salut voici le rapport malwarebytes
Malwarebytes' Anti-Malware 1.21
Version de la base de données: 971
Windows 5.1.2600 Service Pack 2
06:10:23 21/07/2008
mbam-log-7-21-2008 (06-10-23).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 192795
Temps écoulé: 3 hour(s), 44 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
E:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP196\A0290461.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP208\A0327112.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP210\A0334138.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP213\A0338594.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP218\A0362073.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP224\A0365366.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP225\A0365420.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP226\A0367448.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP228\A0369518.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP231\A0371779.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP232\A0372014.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\k11351623776.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\aupd.exe (Adware.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\manlan 1\Bureau\OAD.exe (Adware.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\BMa3c94f3a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\BMa3c94f3a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\manlan 1\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.21
Version de la base de données: 971
Windows 5.1.2600 Service Pack 2
06:10:23 21/07/2008
mbam-log-7-21-2008 (06-10-23).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 192795
Temps écoulé: 3 hour(s), 44 minute(s), 2 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 19
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f3aef888-a3e2-44eb-bd85-f0c85ba7673f} (Trojan.Vundo) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
E:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP196\A0290461.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP208\A0327112.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP210\A0334138.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP213\A0338594.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP218\A0362073.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP224\A0365366.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP225\A0365420.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP226\A0367448.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP228\A0369518.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP231\A0371779.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{65361C1D-046D-4FFF-9769-DDDEB922702E}\RP232\A0372014.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\k11351623776.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\aupd.exe (Adware.Agent) -> Quarantined and deleted successfully.
E:\Documents and Settings\manlan 1\Bureau\OAD.exe (Adware.Agent) -> Quarantined and deleted successfully.
E:\WINDOWS\BMa3c94f3a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\BMa3c94f3a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\Documents and Settings\manlan 1\Application Data\urlredir.cfg (Adware.RightOnAds) -> Quarantined and deleted successfully.
rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:33, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:33, on 21/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\UTSCSI.EXE
E:\WINDOWS\system32\WgaTray.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
E:\Program Files\Winamp\winampa.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\AGRSMMSG.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
E:\Program Files\BearShare\BearShare.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\program files\topthemesxp\txp.exe
E:\Program Files\Babylon\Babylon-Pro\Babylon.exe
E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
E:\Program Files\Fritivi\fritivi_recorder.exe
E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Trend Micro\HijackThis\monjack.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.speedbit.com/FinishInstall.asp?V=8.0.3.9&MDD=A&EDB=&ASU=A
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - E:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - E:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {706A12C8-039C-4BC0-8A92-04C1A6373066} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - E:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - E:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - E:\ExploreExtPDF.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - E:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - E:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [fssui] "E:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearShare] "E:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TXP] e:\program files\topthemesxp\txp.exe
O4 - HKLM\..\Run: [Babylon Client] E:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SweetIM] E:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ~"E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [] E:\WINDOWS\system32\drivers\projet aquilas
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: $«$r.lnk = ?
O4 - Startup: +¦{ÔM_«Þ.lnk = ?
O4 - Startup: ampli_op1.php.lnk = ?
O4 - Startup: AVANT PROPOS.lnk = ?
O4 - Startup: BLANCHESSERIE.lnk = ?
O4 - Startup: courier medel.lnk = ?
O4 - Startup: desktop.lnk = ?
O4 - Startup: DOC 2.lnk = ?
O4 - Startup: EQUATIONS D'ACTIVATIO ET DE DESACTIVATION.lnk = ?
O4 - Startup: MEMBRES DU BUREAU IPJ 2008-2009.lnk = ?
O4 - Startup: projet aquilas.lnk = ?
O4 - Startup: RocketDock.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TICHET.lnk = ?
O4 - Startup: TransBar.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = E:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Fritivi Recorder.lnk = E:\Program Files\Fritivi\fritivi_recorder.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://E:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O20 - Winlogon Notify: hgGabBtU - hgGabBtU.dll (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Usbest Service Zero (UTSCSI) - USBest - E:\WINDOWS\system32\UTSCSI.EXE
bien ... Malwarebytes a fait du ménage ...
on poursuit :
Cliques sur "démarrer"-->tous les programmes--> accessoires, puis bloc-note
Dès qu'il s'ouvre, copie/colle le texte en gras ci-dessous dans le bloc note :
dir "E:\WINDOWS\system32\drivers\*" /a > files.txt
notepad files.txt
Cliques sur "fichiers"-->"enregistrer sous", choisis de mettre dans type: "tous les fichiers"
Nom de fichier : abcde.bat et enregistres le où tu le retrouvera facilement ( sur ton bureau par exemple )
Doubles clique sur abcde.bat : un rapport va s'ouvrir-> enregistres le ...
postes son contenu dans ta prochaine réponse et attends la suite ...
on poursuit :
Cliques sur "démarrer"-->tous les programmes--> accessoires, puis bloc-note
Dès qu'il s'ouvre, copie/colle le texte en gras ci-dessous dans le bloc note :
dir "E:\WINDOWS\system32\drivers\*" /a > files.txt
notepad files.txt
Cliques sur "fichiers"-->"enregistrer sous", choisis de mettre dans type: "tous les fichiers"
Nom de fichier : abcde.bat et enregistres le où tu le retrouvera facilement ( sur ton bureau par exemple )
Doubles clique sur abcde.bat : un rapport va s'ouvrir-> enregistres le ...
postes son contenu dans ta prochaine réponse et attends la suite ...
Le volume dans le lecteur E s'appelle pertorio
Le num‚ro de s‚rie du volume est A0FA-7C09
R‚pertoire de E:\WINDOWS\system32\drivers
20/07/2008 22:31 <REP> .
20/07/2008 22:31 <REP> ..
19/08/2004 15:51 188ÿ672 acpi.sys
28/09/2001 12:00 12ÿ032 acpiec.sys
15/02/2006 00:22 142ÿ464 aec.sys
20/06/2008 10:44 138ÿ368 afd.sys
29/06/2004 09:07 1ÿ268ÿ204 AGRSM.sys
08/12/2003 11:53 3ÿ968 alcacr.sys
08/12/2003 11:53 53ÿ600 alcan5wn.sys
08/12/2003 11:53 70ÿ688 alcaudsl.sys
08/12/2003 11:53 5ÿ280 alcawh.sys
24/01/2008 16:36 4ÿ127ÿ488 alcxwdm.sys
19/08/2004 16:20 41ÿ216 amdk6.sys
19/08/2004 16:20 41ÿ600 amdk7.sys
19/08/2004 16:20 60ÿ800 arp1394.sys
03/08/2004 23:05 14ÿ336 asyncmac.sys
03/08/2004 22:59 95ÿ360 atapi.sys
03/08/2004 22:58 59ÿ904 atmarpc.sys
28/09/2001 12:00 31ÿ360 atmepvc.sys
03/08/2004 22:58 55ÿ936 atmlane.sys
28/09/2001 12:00 352ÿ256 atmuni.sys
17/08/2001 21:59 3ÿ072 audstub.sys
28/09/2001 12:00 4ÿ224 beep.sys
03/08/2004 22:59 71ÿ552 bridge.sys
14/06/2008 17:59 272ÿ768 bthport.sys
28/09/2001 12:00 13ÿ952 cbidf2k.sys
28/09/2001 12:00 18ÿ688 cdaudio.sys
03/08/2004 23:14 63ÿ744 cdfs.sys
07/03/2007 23:51 9ÿ336 cdr4_xp.sys
07/03/2007 23:51 9ÿ464 cdralw2k.sys
03/08/2004 22:59 49ÿ536 cdrom.sys
28/09/2001 12:00 262ÿ528 cinemst2.sys
03/08/2004 23:14 49ÿ664 classpnp.sys
28/09/2001 12:00 11ÿ776 cpqdap01.sys
19/08/2004 16:20 40ÿ704 crusoe.sys
17/03/2008 13:06 <REP> disdn
03/08/2004 22:59 36ÿ352 disk.sys
03/08/2004 22:59 14ÿ208 diskdump.sys
19/08/2004 16:01 800ÿ256 dmboot.sys
19/08/2004 16:01 154ÿ496 dmio.sys
28/09/2001 12:00 5ÿ888 dmload.sys
03/08/2004 23:07 52ÿ864 DMusic.sys
03/08/2004 23:08 60ÿ288 drmk.sys
03/08/2004 23:07 2ÿ944 drmkaud.sys
28/09/2001 12:00 10ÿ496 dxapi.sys
03/08/2004 23:00 71ÿ040 dxg.sys
28/09/2001 12:00 3ÿ328 dxgthk.sys
15/06/2008 14:19 <REP> etc
03/08/2004 23:14 143ÿ360 fastfat.sys
03/08/2004 22:59 27ÿ392 fdc.sys
21/07/2008 15:53 6ÿ067ÿ744 fidbox.dat
21/07/2008 15:53 49ÿ532 fidbox.idx
21/07/2008 15:53 671ÿ776 fidbox2.dat
21/07/2008 15:53 4ÿ424 fidbox2.idx
28/09/2001 12:00 35ÿ072 fips.sys
03/08/2004 22:59 20ÿ480 flpydisk.sys
21/08/2006 09:14 128ÿ896 fltmgr.sys
17/10/2007 13:53 43ÿ816 fssfltr.sys
28/09/2001 12:00 12ÿ416 fsvga.sys
28/09/2001 12:00 7ÿ936 fs_rec.sys
28/09/2001 12:00 126ÿ080 ftdisk.sys
28/09/2001 12:00 3ÿ440ÿ660 gm.dls
28/09/2001 12:00 646 gmreadme.txt
03/08/2004 23:08 36ÿ224 hidclass.sys
03/08/2004 23:08 24ÿ960 hidparse.sys
17/03/2006 00:33 262ÿ784 http.sys
19/08/2004 15:56 54ÿ400 i8042prt.sys
18/02/2008 16:21 11ÿ304 imagedrv.sys
18/02/2008 16:21 132ÿ904 imagesrv.sys
03/08/2004 23:00 41ÿ856 imapi.sys
19/08/2004 15:59 5ÿ504 intelide.sys
19/08/2004 15:59 40ÿ320 intelppm.sys
03/08/2004 23:00 29ÿ056 ip6fw.sys
28/09/2001 12:00 32ÿ896 ipfltdrv.sys
03/08/2004 23:04 20ÿ992 ipinip.sys
29/09/2004 22:28 134ÿ912 ipnat.sys
03/08/2004 23:14 74ÿ752 ipsec.sys
03/08/2004 23:00 11ÿ264 irenum.sys
28/09/2001 12:00 36ÿ224 isapnp.sys
19/08/2004 16:00 25ÿ216 kbdclass.sys
16/04/2008 14:23 112ÿ144 kl1.sys
29/01/2008 18:29 32ÿ784 klbg.sys
07/07/2008 10:18 88ÿ774 klick.dat
17/07/2008 12:57 187ÿ920 klif.sys
25/03/2008 20:07 24ÿ592 klim5.sys
07/07/2008 10:18 96ÿ966 klin.dat
25/04/2008 18:21 26ÿ964 klopp.dat
14/06/2006 08:47 172ÿ416 kmixer.sys
03/08/2004 23:15 140ÿ928 ks.sys
03/08/2004 22:59 92ÿ032 ksecdd.sys
18/07/2008 19:15 17ÿ144 mbam.sys
18/07/2008 19:15 36ÿ472 mbamswissarmy.sys
28/09/2001 12:00 7ÿ680 mcd.sys
19/08/2004 16:20 63ÿ744 mf.sys
28/09/2001 12:00 4ÿ224 mnmdd.sys
19/08/2004 16:20 30ÿ336 modem.sys
19/08/2004 16:20 23ÿ680 mouclass.sys
03/08/2004 22:58 42ÿ240 mountmgr.sys
06/07/2007 10:05 72ÿ960 mqac.sys
18/12/2007 09:51 179ÿ584 mrxdav.sys
05/05/2006 09:41 453ÿ120 mrxsmb.sys
03/08/2004 23:00 19ÿ072 msfs.sys
03/08/2004 23:04 35ÿ072 msgpc.sys
03/08/2004 22:58 7ÿ552 MSKSSRV.sys
03/08/2004 22:58 5ÿ376 MSPCLOCK.sys
03/08/2004 22:58 4ÿ992 MSPQM.sys
19/08/2004 16:20 15ÿ488 mssmbios.sys
03/08/2004 23:15 107ÿ904 mup.sys
03/08/2004 23:14 182ÿ912 ndis.sys
28/09/2001 12:00 9ÿ600 ndistapi.sys
19/08/2004 16:20 12ÿ928 ndisuio.sys
03/08/2004 23:14 91ÿ776 ndiswan.sys
28/09/2001 12:00 38ÿ016 ndproxy.sys
03/08/2004 23:03 34ÿ560 netbios.sys
03/08/2004 23:14 162ÿ816 netbt.sys
02/06/2008 01:30 1ÿ990 net_m32.inf
19/08/2004 16:20 61ÿ824 nic1394.sys
28/09/2001 12:00 12ÿ032 nikedrv.sys
03/08/2004 22:59 40ÿ320 nmnt.sys
22/02/2007 10:15 137ÿ216 nmwcd.sys
22/02/2007 10:15 8ÿ320 nmwcdc.sys
22/02/2007 10:15 12ÿ288 nmwcdcj.sys
22/02/2007 10:15 12ÿ288 nmwcdcm.sys
03/08/2004 23:00 30ÿ848 npfs.sys
09/02/2007 11:10 574ÿ464 ntfs.sys
28/09/2001 12:00 2ÿ944 null.sys
28/09/2001 12:00 12ÿ416 nwlnkflt.sys
28/09/2001 12:00 32ÿ512 nwlnkfwd.sys
03/08/2004 23:03 88ÿ448 nwlnkipx.sys
28/09/2001 12:00 63ÿ232 nwlnknb.sys
28/09/2001 12:00 55ÿ936 nwlnkspx.sys
13/10/2006 10:23 163ÿ584 nwrdr.sys
28/09/2001 12:00 3ÿ456 oprghdlr.sys
19/08/2004 16:20 46ÿ720 p3.sys
19/08/2004 16:20 80ÿ384 parport.sys
28/09/2001 12:00 18ÿ688 partmgr.sys
28/09/2001 12:00 6ÿ912 parvdm.sys
19/08/2004 15:52 68ÿ608 pci.sys
28/09/2001 12:00 3ÿ328 pciide.sys
03/08/2004 22:59 25ÿ088 pciidex.sys
19/08/2004 15:52 120ÿ320 pcmcia.sys
03/08/2004 23:15 145ÿ792 portcls.sys
19/08/2004 16:20 39ÿ552 processr.sys
03/08/2004 23:04 69ÿ120 psched.sys
28/09/2001 12:00 17ÿ792 ptilink.sys
07/03/2007 23:51 43ÿ528 PxHelp20.sys
28/09/2001 12:00 8ÿ832 rasacd.sys
03/08/2004 23:14 51ÿ328 rasl2tp.sys
03/08/2004 23:05 41ÿ472 raspppoe.sys
03/08/2004 23:14 48ÿ384 raspptp.sys
28/09/2001 12:00 16ÿ512 raspti.sys
28/09/2001 12:00 34ÿ432 rawwan.sys
05/05/2006 09:47 174ÿ592 rdbss.sys
28/09/2001 12:00 4ÿ224 rdpcdd.sys
03/08/2004 23:01 196ÿ864 rdpdr.sys
10/06/2005 04:11 139ÿ528 rdpwd.sys
19/08/2004 15:54 58ÿ496 redbook.sys
28/09/2001 12:00 12ÿ032 rio8drv.sys
28/09/2001 12:00 12ÿ032 riodrv.sys
08/05/2008 12:28 202ÿ752 rmcast.sys
03/08/2004 23:04 30ÿ080 rndismp.sys
28/09/2001 12:00 5ÿ888 rootmdm.sys
03/08/2004 22:31 20ÿ992 RTL8139.sys
03/08/2004 22:59 96ÿ256 scsiport.sys
03/08/2004 23:07 67ÿ584 sdbus.sys
13/11/2007 10:25 20ÿ480 secdrv.sys
03/08/2004 22:59 15ÿ488 serenum.sys
19/08/2004 15:56 66ÿ560 serial.sys
03/08/2004 22:59 11ÿ136 sffdisk.sys
03/08/2004 22:59 10ÿ240 sffp_sd.sys
03/08/2004 22:59 11ÿ392 sfloppy.sys
28/09/2001 12:00 14ÿ592 smclib.sys
19/08/2004 16:20 25ÿ472 sonydcam.sys
14/06/2006 08:47 6ÿ400 splitter.sys
19/08/2004 16:04 73ÿ600 sr.sys
14/08/2006 10:34 332ÿ928 srv.sys
03/08/2004 23:08 48ÿ640 stream.sys
19/08/2004 16:20 4ÿ352 swenum.sys
17/08/2001 22:00 54ÿ272 swmidi.sys
03/08/2004 23:15 60ÿ800 sysaudio.sys
03/08/2004 23:00 14ÿ976 tape.sys
20/06/2008 10:45 360ÿ320 tcpip.sys
20/06/2008 09:52 225ÿ920 tcpip6.sys
03/08/2004 23:07 18ÿ560 tdi.sys
19/08/2004 16:10 12ÿ040 tdpipe.sys
19/08/2004 16:10 21ÿ896 tdtcp.sys
19/08/2004 16:10 40ÿ840 termdd.sys
28/09/2001 12:00 51ÿ712 tosdvd.sys
28/09/2001 12:00 21ÿ376 tsbvcap.sys
19/08/2004 16:20 12ÿ416 tunmp.sys
03/08/2004 23:00 66ÿ176 udfs.sys
26/03/2008 17:24 <REP> UMDF
23/04/2007 10:32 364ÿ160 update.sys
03/08/2004 23:04 12ÿ672 usb8023.sys
28/09/2001 12:00 23ÿ808 usbcamd.sys
28/09/2001 12:00 23ÿ936 usbcamd2.sys
28/09/2001 12:00 4ÿ736 usbd.sys
03/08/2004 23:08 26ÿ624 usbehci.sys
03/08/2004 23:08 57ÿ600 usbhub.sys
19/08/2004 16:20 16ÿ000 usbintel.sys
03/08/2004 23:08 142ÿ976 usbport.sys
03/08/2004 23:08 26ÿ496 usbstor.sys
03/08/2004 23:08 20ÿ480 usbuhci.sys
28/09/2001 12:00 58ÿ112 vdmindvd.sys
03/08/2004 23:07 20ÿ992 vga.sys
03/08/2004 23:07 79ÿ744 videoprt.sys
19/08/2004 15:59 53ÿ376 volsnap.sys
03/08/2004 23:04 34ÿ560 wanarp.sys
19/08/2004 16:00 32ÿ128 wceusbsh.sys
14/06/2006 09:00 82ÿ944 wdmaud.sys
28/09/2001 12:00 4ÿ352 wmilib.sys
15/06/2008 14:20 0 wnmsav.dat
18/10/2006 20:00 38ÿ528 wpdusb.sys
28/09/2001 12:00 12ÿ032 ws2ifsl.sys
15/09/2006 22:29 76ÿ544 WudfPf.sys
15/09/2006 22:30 82ÿ688 WudfRd.sys
211 fichier(s) 29ÿ367ÿ568 octets
5 R‚p(s) 1ÿ282ÿ134ÿ016 octets libres
Le num‚ro de s‚rie du volume est A0FA-7C09
R‚pertoire de E:\WINDOWS\system32\drivers
20/07/2008 22:31 <REP> .
20/07/2008 22:31 <REP> ..
19/08/2004 15:51 188ÿ672 acpi.sys
28/09/2001 12:00 12ÿ032 acpiec.sys
15/02/2006 00:22 142ÿ464 aec.sys
20/06/2008 10:44 138ÿ368 afd.sys
29/06/2004 09:07 1ÿ268ÿ204 AGRSM.sys
08/12/2003 11:53 3ÿ968 alcacr.sys
08/12/2003 11:53 53ÿ600 alcan5wn.sys
08/12/2003 11:53 70ÿ688 alcaudsl.sys
08/12/2003 11:53 5ÿ280 alcawh.sys
24/01/2008 16:36 4ÿ127ÿ488 alcxwdm.sys
19/08/2004 16:20 41ÿ216 amdk6.sys
19/08/2004 16:20 41ÿ600 amdk7.sys
19/08/2004 16:20 60ÿ800 arp1394.sys
03/08/2004 23:05 14ÿ336 asyncmac.sys
03/08/2004 22:59 95ÿ360 atapi.sys
03/08/2004 22:58 59ÿ904 atmarpc.sys
28/09/2001 12:00 31ÿ360 atmepvc.sys
03/08/2004 22:58 55ÿ936 atmlane.sys
28/09/2001 12:00 352ÿ256 atmuni.sys
17/08/2001 21:59 3ÿ072 audstub.sys
28/09/2001 12:00 4ÿ224 beep.sys
03/08/2004 22:59 71ÿ552 bridge.sys
14/06/2008 17:59 272ÿ768 bthport.sys
28/09/2001 12:00 13ÿ952 cbidf2k.sys
28/09/2001 12:00 18ÿ688 cdaudio.sys
03/08/2004 23:14 63ÿ744 cdfs.sys
07/03/2007 23:51 9ÿ336 cdr4_xp.sys
07/03/2007 23:51 9ÿ464 cdralw2k.sys
03/08/2004 22:59 49ÿ536 cdrom.sys
28/09/2001 12:00 262ÿ528 cinemst2.sys
03/08/2004 23:14 49ÿ664 classpnp.sys
28/09/2001 12:00 11ÿ776 cpqdap01.sys
19/08/2004 16:20 40ÿ704 crusoe.sys
17/03/2008 13:06 <REP> disdn
03/08/2004 22:59 36ÿ352 disk.sys
03/08/2004 22:59 14ÿ208 diskdump.sys
19/08/2004 16:01 800ÿ256 dmboot.sys
19/08/2004 16:01 154ÿ496 dmio.sys
28/09/2001 12:00 5ÿ888 dmload.sys
03/08/2004 23:07 52ÿ864 DMusic.sys
03/08/2004 23:08 60ÿ288 drmk.sys
03/08/2004 23:07 2ÿ944 drmkaud.sys
28/09/2001 12:00 10ÿ496 dxapi.sys
03/08/2004 23:00 71ÿ040 dxg.sys
28/09/2001 12:00 3ÿ328 dxgthk.sys
15/06/2008 14:19 <REP> etc
03/08/2004 23:14 143ÿ360 fastfat.sys
03/08/2004 22:59 27ÿ392 fdc.sys
21/07/2008 15:53 6ÿ067ÿ744 fidbox.dat
21/07/2008 15:53 49ÿ532 fidbox.idx
21/07/2008 15:53 671ÿ776 fidbox2.dat
21/07/2008 15:53 4ÿ424 fidbox2.idx
28/09/2001 12:00 35ÿ072 fips.sys
03/08/2004 22:59 20ÿ480 flpydisk.sys
21/08/2006 09:14 128ÿ896 fltmgr.sys
17/10/2007 13:53 43ÿ816 fssfltr.sys
28/09/2001 12:00 12ÿ416 fsvga.sys
28/09/2001 12:00 7ÿ936 fs_rec.sys
28/09/2001 12:00 126ÿ080 ftdisk.sys
28/09/2001 12:00 3ÿ440ÿ660 gm.dls
28/09/2001 12:00 646 gmreadme.txt
03/08/2004 23:08 36ÿ224 hidclass.sys
03/08/2004 23:08 24ÿ960 hidparse.sys
17/03/2006 00:33 262ÿ784 http.sys
19/08/2004 15:56 54ÿ400 i8042prt.sys
18/02/2008 16:21 11ÿ304 imagedrv.sys
18/02/2008 16:21 132ÿ904 imagesrv.sys
03/08/2004 23:00 41ÿ856 imapi.sys
19/08/2004 15:59 5ÿ504 intelide.sys
19/08/2004 15:59 40ÿ320 intelppm.sys
03/08/2004 23:00 29ÿ056 ip6fw.sys
28/09/2001 12:00 32ÿ896 ipfltdrv.sys
03/08/2004 23:04 20ÿ992 ipinip.sys
29/09/2004 22:28 134ÿ912 ipnat.sys
03/08/2004 23:14 74ÿ752 ipsec.sys
03/08/2004 23:00 11ÿ264 irenum.sys
28/09/2001 12:00 36ÿ224 isapnp.sys
19/08/2004 16:00 25ÿ216 kbdclass.sys
16/04/2008 14:23 112ÿ144 kl1.sys
29/01/2008 18:29 32ÿ784 klbg.sys
07/07/2008 10:18 88ÿ774 klick.dat
17/07/2008 12:57 187ÿ920 klif.sys
25/03/2008 20:07 24ÿ592 klim5.sys
07/07/2008 10:18 96ÿ966 klin.dat
25/04/2008 18:21 26ÿ964 klopp.dat
14/06/2006 08:47 172ÿ416 kmixer.sys
03/08/2004 23:15 140ÿ928 ks.sys
03/08/2004 22:59 92ÿ032 ksecdd.sys
18/07/2008 19:15 17ÿ144 mbam.sys
18/07/2008 19:15 36ÿ472 mbamswissarmy.sys
28/09/2001 12:00 7ÿ680 mcd.sys
19/08/2004 16:20 63ÿ744 mf.sys
28/09/2001 12:00 4ÿ224 mnmdd.sys
19/08/2004 16:20 30ÿ336 modem.sys
19/08/2004 16:20 23ÿ680 mouclass.sys
03/08/2004 22:58 42ÿ240 mountmgr.sys
06/07/2007 10:05 72ÿ960 mqac.sys
18/12/2007 09:51 179ÿ584 mrxdav.sys
05/05/2006 09:41 453ÿ120 mrxsmb.sys
03/08/2004 23:00 19ÿ072 msfs.sys
03/08/2004 23:04 35ÿ072 msgpc.sys
03/08/2004 22:58 7ÿ552 MSKSSRV.sys
03/08/2004 22:58 5ÿ376 MSPCLOCK.sys
03/08/2004 22:58 4ÿ992 MSPQM.sys
19/08/2004 16:20 15ÿ488 mssmbios.sys
03/08/2004 23:15 107ÿ904 mup.sys
03/08/2004 23:14 182ÿ912 ndis.sys
28/09/2001 12:00 9ÿ600 ndistapi.sys
19/08/2004 16:20 12ÿ928 ndisuio.sys
03/08/2004 23:14 91ÿ776 ndiswan.sys
28/09/2001 12:00 38ÿ016 ndproxy.sys
03/08/2004 23:03 34ÿ560 netbios.sys
03/08/2004 23:14 162ÿ816 netbt.sys
02/06/2008 01:30 1ÿ990 net_m32.inf
19/08/2004 16:20 61ÿ824 nic1394.sys
28/09/2001 12:00 12ÿ032 nikedrv.sys
03/08/2004 22:59 40ÿ320 nmnt.sys
22/02/2007 10:15 137ÿ216 nmwcd.sys
22/02/2007 10:15 8ÿ320 nmwcdc.sys
22/02/2007 10:15 12ÿ288 nmwcdcj.sys
22/02/2007 10:15 12ÿ288 nmwcdcm.sys
03/08/2004 23:00 30ÿ848 npfs.sys
09/02/2007 11:10 574ÿ464 ntfs.sys
28/09/2001 12:00 2ÿ944 null.sys
28/09/2001 12:00 12ÿ416 nwlnkflt.sys
28/09/2001 12:00 32ÿ512 nwlnkfwd.sys
03/08/2004 23:03 88ÿ448 nwlnkipx.sys
28/09/2001 12:00 63ÿ232 nwlnknb.sys
28/09/2001 12:00 55ÿ936 nwlnkspx.sys
13/10/2006 10:23 163ÿ584 nwrdr.sys
28/09/2001 12:00 3ÿ456 oprghdlr.sys
19/08/2004 16:20 46ÿ720 p3.sys
19/08/2004 16:20 80ÿ384 parport.sys
28/09/2001 12:00 18ÿ688 partmgr.sys
28/09/2001 12:00 6ÿ912 parvdm.sys
19/08/2004 15:52 68ÿ608 pci.sys
28/09/2001 12:00 3ÿ328 pciide.sys
03/08/2004 22:59 25ÿ088 pciidex.sys
19/08/2004 15:52 120ÿ320 pcmcia.sys
03/08/2004 23:15 145ÿ792 portcls.sys
19/08/2004 16:20 39ÿ552 processr.sys
03/08/2004 23:04 69ÿ120 psched.sys
28/09/2001 12:00 17ÿ792 ptilink.sys
07/03/2007 23:51 43ÿ528 PxHelp20.sys
28/09/2001 12:00 8ÿ832 rasacd.sys
03/08/2004 23:14 51ÿ328 rasl2tp.sys
03/08/2004 23:05 41ÿ472 raspppoe.sys
03/08/2004 23:14 48ÿ384 raspptp.sys
28/09/2001 12:00 16ÿ512 raspti.sys
28/09/2001 12:00 34ÿ432 rawwan.sys
05/05/2006 09:47 174ÿ592 rdbss.sys
28/09/2001 12:00 4ÿ224 rdpcdd.sys
03/08/2004 23:01 196ÿ864 rdpdr.sys
10/06/2005 04:11 139ÿ528 rdpwd.sys
19/08/2004 15:54 58ÿ496 redbook.sys
28/09/2001 12:00 12ÿ032 rio8drv.sys
28/09/2001 12:00 12ÿ032 riodrv.sys
08/05/2008 12:28 202ÿ752 rmcast.sys
03/08/2004 23:04 30ÿ080 rndismp.sys
28/09/2001 12:00 5ÿ888 rootmdm.sys
03/08/2004 22:31 20ÿ992 RTL8139.sys
03/08/2004 22:59 96ÿ256 scsiport.sys
03/08/2004 23:07 67ÿ584 sdbus.sys
13/11/2007 10:25 20ÿ480 secdrv.sys
03/08/2004 22:59 15ÿ488 serenum.sys
19/08/2004 15:56 66ÿ560 serial.sys
03/08/2004 22:59 11ÿ136 sffdisk.sys
03/08/2004 22:59 10ÿ240 sffp_sd.sys
03/08/2004 22:59 11ÿ392 sfloppy.sys
28/09/2001 12:00 14ÿ592 smclib.sys
19/08/2004 16:20 25ÿ472 sonydcam.sys
14/06/2006 08:47 6ÿ400 splitter.sys
19/08/2004 16:04 73ÿ600 sr.sys
14/08/2006 10:34 332ÿ928 srv.sys
03/08/2004 23:08 48ÿ640 stream.sys
19/08/2004 16:20 4ÿ352 swenum.sys
17/08/2001 22:00 54ÿ272 swmidi.sys
03/08/2004 23:15 60ÿ800 sysaudio.sys
03/08/2004 23:00 14ÿ976 tape.sys
20/06/2008 10:45 360ÿ320 tcpip.sys
20/06/2008 09:52 225ÿ920 tcpip6.sys
03/08/2004 23:07 18ÿ560 tdi.sys
19/08/2004 16:10 12ÿ040 tdpipe.sys
19/08/2004 16:10 21ÿ896 tdtcp.sys
19/08/2004 16:10 40ÿ840 termdd.sys
28/09/2001 12:00 51ÿ712 tosdvd.sys
28/09/2001 12:00 21ÿ376 tsbvcap.sys
19/08/2004 16:20 12ÿ416 tunmp.sys
03/08/2004 23:00 66ÿ176 udfs.sys
26/03/2008 17:24 <REP> UMDF
23/04/2007 10:32 364ÿ160 update.sys
03/08/2004 23:04 12ÿ672 usb8023.sys
28/09/2001 12:00 23ÿ808 usbcamd.sys
28/09/2001 12:00 23ÿ936 usbcamd2.sys
28/09/2001 12:00 4ÿ736 usbd.sys
03/08/2004 23:08 26ÿ624 usbehci.sys
03/08/2004 23:08 57ÿ600 usbhub.sys
19/08/2004 16:20 16ÿ000 usbintel.sys
03/08/2004 23:08 142ÿ976 usbport.sys
03/08/2004 23:08 26ÿ496 usbstor.sys
03/08/2004 23:08 20ÿ480 usbuhci.sys
28/09/2001 12:00 58ÿ112 vdmindvd.sys
03/08/2004 23:07 20ÿ992 vga.sys
03/08/2004 23:07 79ÿ744 videoprt.sys
19/08/2004 15:59 53ÿ376 volsnap.sys
03/08/2004 23:04 34ÿ560 wanarp.sys
19/08/2004 16:00 32ÿ128 wceusbsh.sys
14/06/2006 09:00 82ÿ944 wdmaud.sys
28/09/2001 12:00 4ÿ352 wmilib.sys
15/06/2008 14:20 0 wnmsav.dat
18/10/2006 20:00 38ÿ528 wpdusb.sys
28/09/2001 12:00 12ÿ032 ws2ifsl.sys
15/09/2006 22:29 76ÿ544 WudfPf.sys
15/09/2006 22:30 82ÿ688 WudfRd.sys
211 fichier(s) 29ÿ367ÿ568 octets
5 R‚p(s) 1ÿ282ÿ134ÿ016 octets libres
