Fenêtres intempestives (désolé encore)
Résolu/Fermé
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
-
31 juil. 2008 à 18:18
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 1 août 2008 à 02:23
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 1 août 2008 à 02:23
A voir également:
- Fenêtres intempestives (désolé encore)
- Afficher toutes les fenetres ouvertes windows - Guide
- Désolé, vous avez dépassé votre quota d'éléments partagés. ✓ - Forum Cloud
- Désolé... il semble que cette page soit endommagée word ✓ - Forum Word
- Iptv desole cette video ne peut etre lue - Forum Téléphones & tablettes Android
- Restaurer les fenetres chrome - Guide
33 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 18:29
31 juil. 2008 à 18:29
salut,
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
post un new rapport hijack this egalement ;)
@+
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
post un new rapport hijack this egalement ;)
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 19:07
31 juil. 2008 à 19:07
Oki doki C'est terminé il y a eu par contre un souci lors du scan windows a redémarré d'un coup et il y a eu un écran en fond bleu marqué windows has been dammaged et c'est passé trop vite pour pouvoir lire le reste enfin voile rapport combofix:
ComboFix 08-07-30.02 - Yann 2008-07-31 18:46:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2184 [GMT 2:00]
Endroit: C:\Users\Yann\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Yann\AppData\Roaming\Microsoft\dtsc
C:\Users\Yann\AppData\Roaming\Microsoft\dtsc\15626.exe
C:\Users\Yann\AppData\Roaming\Microsoft\dtsc\s
C:\Windows\system32\efcDVnNH.dll
C:\Windows\system32\fcccbbxU.dll
C:\Windows\system32\packet.dll
C:\Windows\system32\pmnnLBut.dll
C:\Windows\system32\rqRJApqo.dll
C:\Windows\system32\tuvWmJbB.dll
----- BITS: Possible sites infectés -----
https://www.hugedomains.com/domain_profile.cfm?d=theinstalls&e=com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-31 18:05 . 2008-07-31 18:05 <REP> d-------- C:\Program Files\Trend Micro
2008-07-31 18:04 . 2008-07-31 18:04 <REP> d-------- C:\Users\Yann\AppData\Roaming\Grisoft
2008-07-31 18:03 . 2008-07-31 18:03 <REP> d-------- C:\Users\All Users\Grisoft
2008-07-31 18:03 . 2008-07-31 18:03 <REP> d-------- C:\ProgramData\Grisoft
2008-07-31 18:03 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-07-31 11:11 . 2008-07-31 11:12 <REP> d-------- C:\Users\All Users\Lavasoft
2008-07-31 11:11 . 2008-07-31 11:12 <REP> d-------- C:\ProgramData\Lavasoft
2008-07-31 11:11 . 2008-07-31 11:11 <REP> d-------- C:\Program Files\Lavasoft
2008-07-31 11:10 . 2008-07-31 11:10 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 10:39 . 2008-07-31 10:39 130,208 -r------- C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-07-30 19:59 . 2008-07-30 19:59 611,064 --a------ C:\Windows\System32\drivers\sptd.sys
2008-07-30 19:59 . 2008-07-30 19:59 142,904 --a------ C:\Windows\System32\drivers\sptddrv1.sys
2008-07-30 17:13 . 2008-07-30 17:31 <REP> d-------- C:\Users\Yann\AppData\Roaming\Ulead Systems
2008-07-30 16:03 . 2008-07-30 16:03 <REP> d-------- C:\Program Files\Common Files\InterVideo
2008-07-30 16:02 . 2008-07-30 16:02 <REP> d-------- C:\Users\All Users\InterVideo
2008-07-30 16:02 . 2008-07-30 16:02 <REP> d-------- C:\ProgramData\InterVideo
2008-07-30 16:02 . 2007-03-06 11:58 210,456 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-07-30 16:02 . 2007-03-06 11:58 206,360 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-07-30 16:02 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-07-30 16:02 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-07-30 16:02 . 2007-03-06 11:58 194,072 --a------ C:\Windows\System32\IVIresizePX.dll
2008-07-30 16:02 . 2007-03-06 11:58 26,136 --a------ C:\Windows\System32\IVIresize.dll
2008-07-30 15:57 . 2008-07-30 15:57 <REP> d-------- C:\Program Files\Windows Media Components
2008-07-30 15:54 . 2008-07-30 17:12 <REP> d-------- C:\Users\All Users\Ulead Systems
2008-07-30 15:54 . 2008-07-30 17:12 <REP> d-------- C:\ProgramData\Ulead Systems
2008-07-30 15:54 . 2008-07-30 15:54 <REP> d-------- C:\Program Files\Ulead Systems
2008-07-30 15:54 . 2008-07-30 15:57 <REP> d-------- C:\Program Files\Common Files\Ulead Systems
2008-07-30 11:19 . 2008-07-30 11:20 <REP> d-------- C:\Users\Yann\AppData\Roaming\.ABC
2008-07-30 09:46 . 2008-07-30 09:46 <REP> d-------- C:\Program Files\iPod
2008-07-30 09:45 . 2008-07-30 09:45 <REP> d-------- C:\Program Files\QuickTime
2008-07-29 23:24 . 2008-06-30 10:52 1,425,408 --a------ C:\Users\Yann\cpuz.exe
2008-07-29 23:06 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-29 23:06 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-29 23:06 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-09 08:08 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 08:08 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 08:08 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-09 08:08 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-09 08:08 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-09 08:08 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-09 08:08 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-09 08:07 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 08:07 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 08:07 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 08:07 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 08:07 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 08:07 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 08:07 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-04 02:23 . 2008-07-04 02:23 <REP> d-------- C:\Users\Yann\AppData\Roaming\AVS4YOU
2008-07-04 02:23 . 2008-07-04 02:23 <REP> d-------- C:\Users\All Users\AVS4YOU
2008-07-04 02:23 . 2008-07-04 02:23 <REP> d-------- C:\ProgramData\AVS4YOU
2008-07-04 02:22 . 2008-07-04 02:56 <REP> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-04 02:21 . 2007-02-27 19:36 974,848 --a------ C:\Windows\System32\mfc70.dll
2008-07-04 02:21 . 2007-02-27 19:36 24,576 --a------ C:\Windows\System32\msxml3a.dll
2008-06-30 18:06 . 2008-06-30 18:06 <REP> d-------- C:\Program Files\Free FLV Converter
2008-06-30 18:06 . 2008-06-04 18:42 364,544 --a------ C:\Windows\System32\PropertyGrid.ocx
2008-06-30 18:06 . 2008-06-13 01:00 225,280 --a------ C:\Windows\System32\TubeFinder.exe
2008-06-30 18:06 . 2008-06-04 18:42 208,500 --a------ C:\Windows\System32\ReyXpBasics.tlb
2008-06-30 18:06 . 2008-06-04 18:42 24,576 --a------ C:\Windows\System32\ControlSubX.ocx
2008-06-30 18:06 . 2008-06-04 18:42 9,728 --a------ C:\Windows\System32\PCCLPFR.DLL
2008-06-30 17:57 . 2005-03-29 07:26 3,608,064 --a------ C:\Users\Yann\ffmpeg.exe
2008-06-25 16:14 . 2008-06-25 16:14 <REP> d-------- C:\Users\Yann\AppData\Roaming\SpeedSim
2008-06-25 16:13 . 2008-06-25 16:13 <REP> d-------- C:\Program Files\SpeedSim
2008-06-14 23:11 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 23:11 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 23:11 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 23:11 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 22:44 . 2008-06-11 22:44 <REP> d-------- C:\Program Files\Search Settings
2008-06-11 22:41 . 2008-06-11 22:42 <REP> d-------- C:\Program Files\Free Audio Pack
2008-06-11 11:33 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:33 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:33 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:33 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 11:31 . 2008-06-10 11:31 <REP> d-------- C:\Users\Yann\AppData\Roaming\Symantec
2008-06-03 22:50 . 2008-07-31 17:41 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
2008-06-02 19:20 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-06-02 19:20 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-06-02 19:20 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-06-02 00:36 . 2008-07-09 08:00 <REP> d-------- C:\Program Files\Norton 360
2008-06-02 00:34 . 2008-06-02 08:58 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-06-02 00:31 . 2008-06-02 08:58 <REP> d-------- C:\Program Files\Symantec
2008-06-01 22:41 . 2008-06-02 00:26 <REP> d-------- C:\Users\All Users\Avira
2008-06-01 22:41 . 2008-06-02 00:26 <REP> d-------- C:\ProgramData\Avira
2008-06-01 22:30 . 2008-06-01 22:30 <REP> d-------- C:\Users\Yann\AppData\Roaming\Malwarebytes
2008-06-01 22:30 . 2008-06-01 22:30 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-01 22:30 . 2008-06-01 22:30 <REP> d-------- C:\ProgramData\Malwarebytes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 16:46 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-07-31 16:46 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-07-31 16:42 --------- d-----w C:\Users\Yann\AppData\Roaming\DNA
2008-07-31 11:52 --------- d-----w C:\Users\Yann\AppData\Roaming\BitTorrent
2008-07-30 14:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 09:29 --------- d-----w C:\ProgramData\Symantec
2008-07-30 07:46 --------- d-----w C:\Program Files\iTunes
2008-07-30 00:08 --------- d-----w C:\Program Files\Java
2008-07-09 20:26 --------- d-----w C:\Program Files\Windows Mail
2008-06-22 20:00 --------- d-----w C:\Users\Yann\AppData\Roaming\SolidWorks
2008-06-04 15:49 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys
2008-06-02 06:58 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-02 06:58 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-02 06:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 15:16 --------- d-----w C:\Users\Yann\AppData\Roaming\Uniblue
2008-05-30 18:23 --------- d-----w C:\Program Files\Google
2008-05-28 19:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-28 19:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-11 00:49 174 --sha-w C:\Program Files\desktop.ini
2008-05-11 00:00 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-11 00:00 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-10 23:43 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-10 23:43 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-02 00:40 84,496 ----a-w C:\Windows\System32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\Windows\System32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\Windows\System32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\Windows\System32\KemUtil.dll
2008-05-02 00:38 301,656 ----a-w C:\Windows\System32\BtCoreIf.dll
2008-04-17 11:49 765,952 ----a-w C:\Windows\System32\SYNSOACC.dll
2008-04-04 22:54 118,932,952 ----a-w C:\Users\Yann\GunBound_WC_FR_FR.exe
2008-03-29 12:23 92,271,454 ----a-w C:\Users\Yann\NosTale_FR_20080319.exe
2008-01-11 16:11 1,491,592 ----a-w C:\Users\Yann\install_flash_player.exe
2007-12-19 20:21 9,195,248 ----a-w C:\Users\Yann\FW_5.10.00.5051.exe
2007-10-28 04:46 20,233,232 ----a-w C:\Users\Yann\Installation de Windows Live.exe
2007-06-24 00:11 21 ----a-w C:\Program Files\Common Files\appop.log
2003-03-24 15:41 229,635 ----a-w C:\Users\Yann\AstroSigns.exe
2000-07-27 09:50 90,072 ----a-w C:\Users\Yann\CHALD.EXE
1996-12-31 02:00 543,914 ----a-w C:\Users\Yann\MAJIC_CARD.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-07-31 10:39 91440]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"BitTorrent DNA"="C:\Users\Yann\Program Files\DNA\btdna.exe" [2008-05-08 11:37 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-07 19:03 185632]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MAFWTaskbarApp"="C:\Windows\system32\MAFWTray.exe" [2007-10-24 14:37 245760]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 17:56 985440]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe]
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-04-07 00:19:48 270336]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-31 10:39:28 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-29 23:58:06 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D5E92AFD-3FFC-4B58-B435-BCAD9FD245AD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F2A716C3-1318-467F-B48A-8E6520021994}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{9B1E11C8-BC1E-4373-BCCF-AFFBF6FE8AE4}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{B7CD9289-4E80-407A-9012-46DFF62DCF73}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{3BD5799F-4416-4F3A-A3FE-D7F0CB8ECF21}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD6AAFB9-DC25-46E1-B189-B99F9BF611AB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{901D655D-3F7B-4B69-969F-E771867B89F9}C:\\program files\\softnyx\\rakion\\bin\\rakion.bin"= UDP:C:\program files\softnyx\rakion\bin\rakion.bin:rakion.bin
"UDP Query User{C1F0EF05-EBE1-427E-B815-62FFBC9F8FD9}C:\\program files\\softnyx\\rakion\\bin\\rakion.bin"= TCP:C:\program files\softnyx\rakion\bin\rakion.bin:rakion.bin
"{F1FF1308-993F-4A8F-8681-6002D2AB53C8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A252D0F7-8EA5-4B70-B3E9-D3876992D36F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{425626AF-857F-425C-9A2F-0DF9D90A569B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E0A3E422-765A-487E-BDF3-207414490E85}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AB81AD52-2C03-4666-A611-5051FBA82E11}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5059A649-85AE-406B-A8BE-964E62E2A58B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{01608F3F-B0C5-4656-BE8F-B37554DDAC9E}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{79B5A044-5BCE-425C-AC80-78BC82208842}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{17412FCF-B507-48D8-B6A1-A82693CD96F6}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{AA10F3D1-8CF9-42C0-B749-3B53279888E3}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{44DFF70C-21B2-462F-A8B1-2CB041EFF3F5}C:\\users\\yann\\program files\\dna\\btdna.exe"= UDP:C:\users\yann\program files\dna\btdna.exe:btdna.exe
"UDP Query User{C6D721C1-5622-4122-B8B8-956165B28E78}C:\\users\\yann\\program files\\dna\\btdna.exe"= TCP:C:\users\yann\program files\dna\btdna.exe:btdna.exe
"{0023739A-DD0C-4E05-9A75-F3B55C366211}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E363D16B-879C-4B18-98D3-0D6960FEDC36}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5C5574F1-9BFD-4643-96B9-10AA3FF3C8CF}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9EBF96FC-8816-4C8D-A367-9E3832C85247}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D575D67C-F507-4A86-9656-032B44D3C77B}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{89487D3C-9700-44CC-91F2-70CD8BC1A140}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080729.001\IDSvix86.sys [2008-05-13 01:25]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 MAFW;%FW.SvcDesc%;C:\Windows\system32\DRIVERS\mafw.sys [2007-10-24 14:37]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-01-30 22:03]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 00:32]
R3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2007-10-24 11:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b301feb-9f3f-11dc-ba26-0018f3ab76d9}]
\shell\AutoRun\command - start.exe
\shell\iledefrance\command - start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7ab7dbd-cf2d-11dc-b297-0018f3ab76d9}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-31 C:\Windows\Tasks\User_Feed_Synchronization-{1A825D47-3878-444D-9972-85104337B1FB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-07-31 C:\Windows\Tasks\User_Feed_Synchronization-{3F42194D-95F7-4276-A93A-8A05D663FA9F}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Yann\AppData\Roaming\Mozilla\Firefox\Profiles\wdo6p2mz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.fr
Et le rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06, on 2008-07-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\maFwTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Yann\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yann\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
ComboFix 08-07-30.02 - Yann 2008-07-31 18:46:09.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2184 [GMT 2:00]
Endroit: C:\Users\Yann\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Yann\AppData\Roaming\Microsoft\dtsc
C:\Users\Yann\AppData\Roaming\Microsoft\dtsc\15626.exe
C:\Users\Yann\AppData\Roaming\Microsoft\dtsc\s
C:\Windows\system32\efcDVnNH.dll
C:\Windows\system32\fcccbbxU.dll
C:\Windows\system32\packet.dll
C:\Windows\system32\pmnnLBut.dll
C:\Windows\system32\rqRJApqo.dll
C:\Windows\system32\tuvWmJbB.dll
----- BITS: Possible sites infectés -----
https://www.hugedomains.com/domain_profile.cfm?d=theinstalls&e=com
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-31 18:05 . 2008-07-31 18:05 <REP> d-------- C:\Program Files\Trend Micro
2008-07-31 18:04 . 2008-07-31 18:04 <REP> d-------- C:\Users\Yann\AppData\Roaming\Grisoft
2008-07-31 18:03 . 2008-07-31 18:03 <REP> d-------- C:\Users\All Users\Grisoft
2008-07-31 18:03 . 2008-07-31 18:03 <REP> d-------- C:\ProgramData\Grisoft
2008-07-31 18:03 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-07-31 11:11 . 2008-07-31 11:12 <REP> d-------- C:\Users\All Users\Lavasoft
2008-07-31 11:11 . 2008-07-31 11:12 <REP> d-------- C:\ProgramData\Lavasoft
2008-07-31 11:11 . 2008-07-31 11:11 <REP> d-------- C:\Program Files\Lavasoft
2008-07-31 11:10 . 2008-07-31 11:10 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 10:39 . 2008-07-31 10:39 130,208 -r------- C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-07-30 19:59 . 2008-07-30 19:59 611,064 --a------ C:\Windows\System32\drivers\sptd.sys
2008-07-30 19:59 . 2008-07-30 19:59 142,904 --a------ C:\Windows\System32\drivers\sptddrv1.sys
2008-07-30 17:13 . 2008-07-30 17:31 <REP> d-------- C:\Users\Yann\AppData\Roaming\Ulead Systems
2008-07-30 16:03 . 2008-07-30 16:03 <REP> d-------- C:\Program Files\Common Files\InterVideo
2008-07-30 16:02 . 2008-07-30 16:02 <REP> d-------- C:\Users\All Users\InterVideo
2008-07-30 16:02 . 2008-07-30 16:02 <REP> d-------- C:\ProgramData\InterVideo
2008-07-30 16:02 . 2007-03-06 11:58 210,456 --a------ C:\Windows\System32\IVIresizeW7.dll
2008-07-30 16:02 . 2007-03-06 11:58 206,360 --a------ C:\Windows\System32\IVIresizeA6.dll
2008-07-30 16:02 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeP6.dll
2008-07-30 16:02 . 2007-03-06 11:58 198,168 --a------ C:\Windows\System32\IVIresizeM6.dll
2008-07-30 16:02 . 2007-03-06 11:58 194,072 --a------ C:\Windows\System32\IVIresizePX.dll
2008-07-30 16:02 . 2007-03-06 11:58 26,136 --a------ C:\Windows\System32\IVIresize.dll
2008-07-30 15:57 . 2008-07-30 15:57 <REP> d-------- C:\Program Files\Windows Media Components
2008-07-30 15:54 . 2008-07-30 17:12 <REP> d-------- C:\Users\All Users\Ulead Systems
2008-07-30 15:54 . 2008-07-30 17:12 <REP> d-------- C:\ProgramData\Ulead Systems
2008-07-30 15:54 . 2008-07-30 15:54 <REP> d-------- C:\Program Files\Ulead Systems
2008-07-30 15:54 . 2008-07-30 15:57 <REP> d-------- C:\Program Files\Common Files\Ulead Systems
2008-07-30 11:19 . 2008-07-30 11:20 <REP> d-------- C:\Users\Yann\AppData\Roaming\.ABC
2008-07-30 09:46 . 2008-07-30 09:46 <REP> d-------- C:\Program Files\iPod
2008-07-30 09:45 . 2008-07-30 09:45 <REP> d-------- C:\Program Files\QuickTime
2008-07-29 23:24 . 2008-06-30 10:52 1,425,408 --a------ C:\Users\Yann\cpuz.exe
2008-07-29 23:06 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-29 23:06 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-29 23:06 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-09 08:08 . 2008-04-26 10:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-09 08:08 . 2008-04-26 10:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-07-09 08:08 . 2008-04-26 10:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-07-09 08:08 . 2008-04-12 05:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-07-09 08:08 . 2008-05-10 05:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll
2008-07-09 08:08 . 2008-04-05 03:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys
2008-07-09 08:08 . 2008-04-05 05:34 15,360 --a------ C:\Windows\System32\pacerprf.dll
2008-07-09 08:07 . 2008-05-08 23:59 430,080 --a------ C:\Windows\System32\vbscript.dll
2008-07-09 08:07 . 2008-05-08 23:59 180,224 --a------ C:\Windows\System32\scrobj.dll
2008-07-09 08:07 . 2008-05-08 23:59 172,032 --a------ C:\Windows\System32\scrrun.dll
2008-07-09 08:07 . 2008-05-08 23:59 155,648 --a------ C:\Windows\System32\wscript.exe
2008-07-09 08:07 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\wshom.ocx
2008-07-09 08:07 . 2008-05-08 23:58 135,168 --a------ C:\Windows\System32\cscript.exe
2008-07-09 08:07 . 2008-05-08 23:59 90,112 --a------ C:\Windows\System32\wshext.dll
2008-07-04 02:23 . 2008-07-04 02:23 <REP> d-------- C:\Users\Yann\AppData\Roaming\AVS4YOU
2008-07-04 02:23 . 2008-07-04 02:23 <REP> d-------- C:\Users\All Users\AVS4YOU
2008-07-04 02:23 . 2008-07-04 02:23 <REP> d-------- C:\ProgramData\AVS4YOU
2008-07-04 02:22 . 2008-07-04 02:56 <REP> d-------- C:\Program Files\Common Files\AVSMedia
2008-07-04 02:21 . 2007-02-27 19:36 974,848 --a------ C:\Windows\System32\mfc70.dll
2008-07-04 02:21 . 2007-02-27 19:36 24,576 --a------ C:\Windows\System32\msxml3a.dll
2008-06-30 18:06 . 2008-06-30 18:06 <REP> d-------- C:\Program Files\Free FLV Converter
2008-06-30 18:06 . 2008-06-04 18:42 364,544 --a------ C:\Windows\System32\PropertyGrid.ocx
2008-06-30 18:06 . 2008-06-13 01:00 225,280 --a------ C:\Windows\System32\TubeFinder.exe
2008-06-30 18:06 . 2008-06-04 18:42 208,500 --a------ C:\Windows\System32\ReyXpBasics.tlb
2008-06-30 18:06 . 2008-06-04 18:42 24,576 --a------ C:\Windows\System32\ControlSubX.ocx
2008-06-30 18:06 . 2008-06-04 18:42 9,728 --a------ C:\Windows\System32\PCCLPFR.DLL
2008-06-30 17:57 . 2005-03-29 07:26 3,608,064 --a------ C:\Users\Yann\ffmpeg.exe
2008-06-25 16:14 . 2008-06-25 16:14 <REP> d-------- C:\Users\Yann\AppData\Roaming\SpeedSim
2008-06-25 16:13 . 2008-06-25 16:13 <REP> d-------- C:\Program Files\SpeedSim
2008-06-14 23:11 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-14 23:11 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-14 23:11 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-14 23:11 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-11 22:44 . 2008-06-11 22:44 <REP> d-------- C:\Program Files\Search Settings
2008-06-11 22:41 . 2008-06-11 22:42 <REP> d-------- C:\Program Files\Free Audio Pack
2008-06-11 11:33 . 2008-04-25 04:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-11 11:33 . 2008-04-26 10:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 11:33 . 2008-04-25 06:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 11:33 . 2008-05-10 03:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 11:31 . 2008-06-10 11:31 <REP> d-------- C:\Users\Yann\AppData\Roaming\Symantec
2008-06-03 22:50 . 2008-07-31 17:41 0 --a------ C:\Windows\System32\drivers\lvuvc.hs
2008-06-02 19:20 . 2008-03-06 21:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-06-02 19:20 . 2008-03-06 21:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-06-02 19:20 . 2008-03-06 21:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-06-02 00:36 . 2008-07-09 08:00 <REP> d-------- C:\Program Files\Norton 360
2008-06-02 00:34 . 2008-06-02 08:58 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-06-02 00:31 . 2008-06-02 08:58 <REP> d-------- C:\Program Files\Symantec
2008-06-01 22:41 . 2008-06-02 00:26 <REP> d-------- C:\Users\All Users\Avira
2008-06-01 22:41 . 2008-06-02 00:26 <REP> d-------- C:\ProgramData\Avira
2008-06-01 22:30 . 2008-06-01 22:30 <REP> d-------- C:\Users\Yann\AppData\Roaming\Malwarebytes
2008-06-01 22:30 . 2008-06-01 22:30 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-06-01 22:30 . 2008-06-01 22:30 <REP> d-------- C:\ProgramData\Malwarebytes
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 16:46 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-07-31 16:46 1,310,720 --sha-w C:\Users\Invité\NTUSER.DAT
2008-07-31 16:42 --------- d-----w C:\Users\Yann\AppData\Roaming\DNA
2008-07-31 11:52 --------- d-----w C:\Users\Yann\AppData\Roaming\BitTorrent
2008-07-30 14:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-30 09:29 --------- d-----w C:\ProgramData\Symantec
2008-07-30 07:46 --------- d-----w C:\Program Files\iTunes
2008-07-30 00:08 --------- d-----w C:\Program Files\Java
2008-07-09 20:26 --------- d-----w C:\Program Files\Windows Mail
2008-06-22 20:00 --------- d-----w C:\Users\Yann\AppData\Roaming\SolidWorks
2008-06-04 15:49 5,632 ----a-w C:\Windows\system32\drivers\StarOpen.sys
2008-06-02 06:58 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-06-02 06:58 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-06-02 06:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-31 15:16 --------- d-----w C:\Users\Yann\AppData\Roaming\Uniblue
2008-05-30 18:23 --------- d-----w C:\Program Files\Google
2008-05-28 19:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-28 19:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-11 00:49 174 --sha-w C:\Program Files\desktop.ini
2008-05-11 00:00 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-11 00:00 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-10 23:43 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-05-10 23:43 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-05-02 00:40 84,496 ----a-w C:\Windows\System32\KemXML.dll
2008-05-02 00:40 117,264 ----a-w C:\Windows\System32\KemWnd.dll
2008-05-02 00:39 170,512 ----a-w C:\Windows\System32\kemutb.dll
2008-05-02 00:39 145,936 ----a-w C:\Windows\System32\KemUtil.dll
2008-05-02 00:38 301,656 ----a-w C:\Windows\System32\BtCoreIf.dll
2008-04-17 11:49 765,952 ----a-w C:\Windows\System32\SYNSOACC.dll
2008-04-04 22:54 118,932,952 ----a-w C:\Users\Yann\GunBound_WC_FR_FR.exe
2008-03-29 12:23 92,271,454 ----a-w C:\Users\Yann\NosTale_FR_20080319.exe
2008-01-11 16:11 1,491,592 ----a-w C:\Users\Yann\install_flash_player.exe
2007-12-19 20:21 9,195,248 ----a-w C:\Users\Yann\FW_5.10.00.5051.exe
2007-10-28 04:46 20,233,232 ----a-w C:\Users\Yann\Installation de Windows Live.exe
2007-06-24 00:11 21 ----a-w C:\Program Files\Common Files\appop.log
2003-03-24 15:41 229,635 ----a-w C:\Users\Yann\AstroSigns.exe
2000-07-27 09:50 90,072 ----a-w C:\Users\Yann\CHALD.EXE
1996-12-31 02:00 543,914 ----a-w C:\Users\Yann\MAJIC_CARD.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-07-31 10:39 91440]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"BitTorrent DNA"="C:\Users\Yann\Program Files\DNA\btdna.exe" [2008-05-08 11:37 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2006-11-09 12:45 549376]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-11-09 13:10 1126400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-07 19:03 185632]
"Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-11-09 21:29 3165696]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"MAFWTaskbarApp"="C:\Windows\system32\MAFWTray.exe" [2007-10-24 14:37 245760]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-04-16 17:56 985440]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 13:55 341232]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 03:12 76304 C:\Windows\KHALMNPR.Exe]
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-04-07 00:19:48 270336]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-07-31 10:39:28 91440]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-29 23:58:06 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D5E92AFD-3FFC-4B58-B435-BCAD9FD245AD}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{F2A716C3-1318-467F-B48A-8E6520021994}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{9B1E11C8-BC1E-4373-BCCF-AFFBF6FE8AE4}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{B7CD9289-4E80-407A-9012-46DFF62DCF73}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{3BD5799F-4416-4F3A-A3FE-D7F0CB8ECF21}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{DD6AAFB9-DC25-46E1-B189-B99F9BF611AB}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{901D655D-3F7B-4B69-969F-E771867B89F9}C:\\program files\\softnyx\\rakion\\bin\\rakion.bin"= UDP:C:\program files\softnyx\rakion\bin\rakion.bin:rakion.bin
"UDP Query User{C1F0EF05-EBE1-427E-B815-62FFBC9F8FD9}C:\\program files\\softnyx\\rakion\\bin\\rakion.bin"= TCP:C:\program files\softnyx\rakion\bin\rakion.bin:rakion.bin
"{F1FF1308-993F-4A8F-8681-6002D2AB53C8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A252D0F7-8EA5-4B70-B3E9-D3876992D36F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{425626AF-857F-425C-9A2F-0DF9D90A569B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E0A3E422-765A-487E-BDF3-207414490E85}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{AB81AD52-2C03-4666-A611-5051FBA82E11}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5059A649-85AE-406B-A8BE-964E62E2A58B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{01608F3F-B0C5-4656-BE8F-B37554DDAC9E}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{79B5A044-5BCE-425C-AC80-78BC82208842}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{17412FCF-B507-48D8-B6A1-A82693CD96F6}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{AA10F3D1-8CF9-42C0-B749-3B53279888E3}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{44DFF70C-21B2-462F-A8B1-2CB041EFF3F5}C:\\users\\yann\\program files\\dna\\btdna.exe"= UDP:C:\users\yann\program files\dna\btdna.exe:btdna.exe
"UDP Query User{C6D721C1-5622-4122-B8B8-956165B28E78}C:\\users\\yann\\program files\\dna\\btdna.exe"= TCP:C:\users\yann\program files\dna\btdna.exe:btdna.exe
"{0023739A-DD0C-4E05-9A75-F3B55C366211}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E363D16B-879C-4B18-98D3-0D6960FEDC36}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5C5574F1-9BFD-4643-96B9-10AA3FF3C8CF}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{9EBF96FC-8816-4C8D-A367-9E3832C85247}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{D575D67C-F507-4A86-9656-032B44D3C77B}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{89487D3C-9700-44CC-91F2-70CD8BC1A140}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080729.001\IDSvix86.sys [2008-05-13 01:25]
R2 LBeepKE;LBeepKE;C:\Windows\system32\Drivers\LBeepKE.sys [2006-06-30 00:53]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 MAFW;%FW.SvcDesc%;C:\Windows\system32\DRIVERS\mafw.sys [2007-10-24 14:37]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-01-30 22:03]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-10 00:32]
R3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynasUSB.sys [2007-10-24 11:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 10:51]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 22:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 22:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b301feb-9f3f-11dc-ba26-0018f3ab76d9}]
\shell\AutoRun\command - start.exe
\shell\iledefrance\command - start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7ab7dbd-cf2d-11dc-b297-0018f3ab76d9}]
\shell\AutoRun\command - F:\start.exe
\shell\iledefrance\command - F:\start.exe
*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-31 C:\Windows\Tasks\User_Feed_Synchronization-{1A825D47-3878-444D-9972-85104337B1FB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
2008-07-31 C:\Windows\Tasks\User_Feed_Synchronization-{3F42194D-95F7-4276-A93A-8A05D663FA9F}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Yann\AppData\Roaming\Mozilla\Firefox\Profiles\wdo6p2mz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.fr
Et le rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06, on 2008-07-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\maFwTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Yann\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yann\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 19:14
31 juil. 2008 à 19:14
ok
je voie que tu as malwarebytes
peux tu le repasser :
ouvre le
Click sur l´onglet recherche et coche la case : "executer un examun complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
@+
je voie que tu as malwarebytes
peux tu le repasser :
ouvre le
Click sur l´onglet recherche et coche la case : "executer un examun complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 22:02
31 juil. 2008 à 22:02
Me revoilà ^^ Enfin fini voilà le rapport de malware
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 6.0.6001 Service Pack 1
21:57:39 2008-07-31
mbam-log-7-31-2008 (21-57-39).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 179061
Temps écoulé: 2 hour(s), 29 minute(s), 16 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAntispyware2008 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAntispyware2008 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Users\Yann\AppData\Roaming\Microsoft\dtsc\15626.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\efcDVnNH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\fcccbbxU.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\pmnnLBut.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\rqRJApqo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\tuvWmJbB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1012
Windows 6.0.6001 Service Pack 1
21:57:39 2008-07-31
mbam-log-7-31-2008 (21-57-39).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 179061
Temps écoulé: 2 hour(s), 29 minute(s), 16 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinAntispyware2008 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Users\Yann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAntispyware2008 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\QooBox\Quarantine\C\Users\Yann\AppData\Roaming\Microsoft\dtsc\15626.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\efcDVnNH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\fcccbbxU.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\pmnnLBut.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\rqRJApqo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\tuvWmJbB.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 22:12
31 juil. 2008 à 22:12
tres bien ;)
comment ca va de ton coté ?
post un nouveau rapport hiajck this stp
@+
comment ca va de ton coté ?
post un nouveau rapport hiajck this stp
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 22:15
31 juil. 2008 à 22:15
Bien pour moi je dois t'avouer que le problème est résolu ! plus de pubs intempestives pour l'instant je te remercie grandement voilà (j'espère ^^) le dernier rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14, on 2008-07-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\maFwTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Yann\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yann\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:14, on 2008-07-31
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\maFwTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Yann\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\conime.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yann\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 22:24
31 juil. 2008 à 22:24
y a du nouveau :(
Copie le texte ci-dessous :
Folder::
C:\Program Files\Search Settings
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Copie le texte ci-dessous :
Folder::
C:\Program Files\Search Settings
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 22:58
31 juil. 2008 à 22:58
je l'ai posté 2 fois ?? si c le cas désolé ^^
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 22:59
31 juil. 2008 à 22:59
moi j´en voie pas la trace ?
recommence stp
@+
recommence stp
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 23:02
31 juil. 2008 à 23:02
c bon ?
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 23:08
31 juil. 2008 à 23:08
tu as fais ca ?
Copie le texte ci-dessous :
Folder::
C:\Program Files\Search Settings
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Copie le texte ci-dessous :
Folder::
C:\Program Files\Search Settings
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 23:11
31 juil. 2008 à 23:11
oui je l'ai fait je suis désolé mais je crois que ya un problème sur le forum....je vais réessayer mais bon c étrange
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 23:12
31 juil. 2008 à 23:12
...
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 23:12
31 juil. 2008 à 23:12
oui il a des bugs :S
post juste un hijack this si tu peux pas poster les deux ( si tu y arrives )
@+
post juste un hijack this si tu peux pas poster les deux ( si tu y arrives )
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 23:13
31 juil. 2008 à 23:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:56:13, on 31/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\maFwTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Yann\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yann\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Scan saved at 22:56:13, on 31/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\maFwTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Yann\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" -r
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Yann\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 23:16
31 juil. 2008 à 23:16
voilà je crois que c est bon un grand merci pour ce que tu fais pour moi !!
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 23:19
31 juil. 2008 à 23:19
c´est bon ;)
a l´aide de hijack this coche et fix :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
comment fixer :
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
fais gaffe avec bitorent dna !
tu en es ou avec ta liscence norton ?
car il laisse vraiment a desirer celui la !
on va faire un scan en ligne ou installer un autre antivirus + par feu si tu le veux bien ?
dis moi
@+
a l´aide de hijack this coche et fix :
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
comment fixer :
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
fais gaffe avec bitorent dna !
tu en es ou avec ta liscence norton ?
car il laisse vraiment a desirer celui la !
on va faire un scan en ligne ou installer un autre antivirus + par feu si tu le veux bien ?
dis moi
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 23:29
31 juil. 2008 à 23:29
Ouai je sais Norton est tout pourrie j'ai déjà eu des déboirs avec lui je vais changer dès la fin de la license mais là elle est assez récente...on vient juste de la racheter donc si tu as un antivirus à me conseiller je prendrai on m'en avait conseillé un mais je sais plus le nom un avec une boite verte je crois ^^ en tout un grand merci !!
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
31 juil. 2008 à 23:38
31 juil. 2008 à 23:38
ok
bon alors garde norton...
tu peux ajouter :
spywareblaster :
http://www.brightfort.com/spywareblaster.html
c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"
tuto : https://www.malekal.com/tutorial-spywareblaster/
ca sera deja ca ;)
sinon
je t´aurais proposé du gratuit...
tu peux garder ce lien pour plus tard :)
http://www.commentcamarche.net/forum/affich 7657969 la meilleur solution gratuite#dernier > le post 3 :)
donc nous on va faire :
Fais un scan en ligne Kaspersky avec Internet Explorer :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
-> Click sur Démarrer Online-Scanner
-> Click maintenant sur J'accepte.
-> Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
-> Patiente pendant l'installation des Mises à jour.
-> Choisis par la suite l'analyse du Poste de travail.
-> Sauvegarde puis colle le rapport généré en fin d'analyse.
bon courage, c´est long mais...
@+
bon alors garde norton...
tu peux ajouter :
spywareblaster :
http://www.brightfort.com/spywareblaster.html
c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"
tuto : https://www.malekal.com/tutorial-spywareblaster/
ca sera deja ca ;)
sinon
je t´aurais proposé du gratuit...
tu peux garder ce lien pour plus tard :)
http://www.commentcamarche.net/forum/affich 7657969 la meilleur solution gratuite#dernier > le post 3 :)
donc nous on va faire :
Fais un scan en ligne Kaspersky avec Internet Explorer :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
-> Click sur Démarrer Online-Scanner
-> Click maintenant sur J'accepte.
-> Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
-> Patiente pendant l'installation des Mises à jour.
-> Choisis par la suite l'analyse du Poste de travail.
-> Sauvegarde puis colle le rapport généré en fin d'analyse.
bon courage, c´est long mais...
@+
Yuchiang
Messages postés
36
Date d'inscription
dimanche 1 juin 2008
Statut
Membre
Dernière intervention
10 juillet 2009
31 juil. 2008 à 23:44
31 juil. 2008 à 23:44
Bah merci beaucoup et un anti virus shareware à me recommander quand ce norton sera mort ?
