Virus alerte de sécurité wwindow
Résolu
marechalCAMBRONNE
Messages postés
11
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Hey salut à tous
Problème majeur: j'ai un nouveau fond d'écran me disant que mon ordi est infecté, j,ai des popups constant me demandant de partir mon anti virus (c'est probablement un virus aussi lol) et malgré toute mes tentatives, je n'arrive pas à m'en débarasser: alors Hijackthis!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:13, on 2008-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lphc942j0e1a3.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\MILE~1\LOCALS~1\Temp\21A.tmp
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Émile\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc942j0e1a3] C:\WINDOWS\system32\lphc942j0e1a3.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
Problème majeur: j'ai un nouveau fond d'écran me disant que mon ordi est infecté, j,ai des popups constant me demandant de partir mon anti virus (c'est probablement un virus aussi lol) et malgré toute mes tentatives, je n'arrive pas à m'en débarasser: alors Hijackthis!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:13, on 2008-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lphc942j0e1a3.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\MILE~1\LOCALS~1\Temp\21A.tmp
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Émile\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc942j0e1a3] C:\WINDOWS\system32\lphc942j0e1a3.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
A voir également:
- Virus alerte de sécurité wwindow
- Question de sécurité - Guide
- Votre appareil ne dispose pas des correctifs de qualité et de sécurité importants - Guide
- Comment supprimer fausse alerte virus mcafee - Accueil - Piratage
- Mode securite - Guide
- Alerte virus google - Accueil - Virus
22 réponses
slt
tu es infécté
vire AD AWARE qui est dépassé
et installe malwarebyte antimalware:
et
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
recolles ensuite un rapport hijackhtis et explique tes problèmes actuels
tu es infécté
vire AD AWARE qui est dépassé
et installe malwarebyte antimalware:
et
colle un rapport avec malwarebyte antimalware après suppression de ce qui a été trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
recolles ensuite un rapport hijackhtis et explique tes problèmes actuels
tu as surement attrapé un adware !
il te fait une pub pour un faux logiciel de securite , qui une fois installé infecte ton ordi !
le plus connu je crois est "Spyware secure"
il te fait une pub pour un faux logiciel de securite , qui une fois installé infecte ton ordi !
le plus connu je crois est "Spyware secure"
En fait en meme temps que je vous écrivais, mon anti spyware a trouvé le bobo, tout est reglé!
Merci quand meme!
Merci quand meme!
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Le problème vient de moi qui a comme un con voulu installer un crack pour un programme nommé Army Builder 3.1
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1076
Windows 5.1.2600 Service Pack 2
10:56:32 2008-08-21
mbam-log-08-21-2008 (10-56-32).txt
Type de recherche: Examen rapide
Eléments examinés: 64380
Temps écoulé: 10 minute(s), 42 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
C:\Documents and Settings\Émile\Local Settings\Temp\21A.tmp (Rogue.Installer) -> Unloaded process successfully.
C:\WINDOWS\system32\lphc942j0e1a3.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc942j0e1a3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Émile\Local Settings\Temp\21A.tmp (Rogue.Installer) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc942j0e1a3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc942j0e1a3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Émile\Local Settings\Temp\setup1018.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Émile\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Ca dit que je dois redémarrer pour effacer 2 des trucs, je redémarre donc de suite!
Version de la base de données: 1076
Windows 5.1.2600 Service Pack 2
10:56:32 2008-08-21
mbam-log-08-21-2008 (10-56-32).txt
Type de recherche: Examen rapide
Eléments examinés: 64380
Temps écoulé: 10 minute(s), 42 second(s)
Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6
Processus mémoire infecté(s):
C:\Documents and Settings\Émile\Local Settings\Temp\21A.tmp (Rogue.Installer) -> Unloaded process successfully.
C:\WINDOWS\system32\lphc942j0e1a3.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc942j0e1a3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Émile\Local Settings\Temp\21A.tmp (Rogue.Installer) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc942j0e1a3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc942j0e1a3.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Émile\Local Settings\Temp\setup1018.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Émile\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Ca dit que je dois redémarrer pour effacer 2 des trucs, je redémarre donc de suite!
il faut faire un exement complet et pas un rapide ! recommence
si tu as des cracks vire les car je me demande si il y pas aussi du bagle
après avoir refais malwarebyte:
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
si tu as des cracks vire les car je me demande si il y pas aussi du bagle
après avoir refais malwarebyte:
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:30, on 2008-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Émile\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc942j0e1a3] C:\WINDOWS\system32\lphc942j0e1a3.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
Scan saved at 14:58:30, on 2008-08-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Émile\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lphc942j0e1a3] C:\WINDOWS\system32\lphc942j0e1a3.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
analyse ces fichiers sur virus total et colle le rapport: https://www.virustotal.com/gui/
C:\WINDOWS\system32\ntvdm.exe
_________________
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\WINDOWS\system32\lphc942j0e1a3.exe
C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
C:\WINDOWS\system32\ntvdm.exe
_________________
télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.
Citation :
C:\WINDOWS\system32\lphc942j0e1a3.exe
C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.21.0 2008.08.21 -
AntiVir 7.8.1.23 2008.08.21 -
Authentium 5.1.0.4 2008.08.21 -
Avast 4.8.1195.0 2008.08.21 -
AVG 8.0.0.161 2008.08.21 -
BitDefender 7.2 2008.08.21 -
CAT-QuickHeal 9.50 2008.08.21 -
ClamAV 0.93.1 2008.08.21 -
DrWeb 4.44.0.09170 2008.08.21 -
eSafe 7.0.17.0 2008.08.21 -
eTrust-Vet 31.6.6039 2008.08.21 -
Ewido 4.0 2008.08.21 -
F-Prot 4.4.4.56 2008.08.21 -
F-Secure 7.60.13501.0 2008.08.21 -
Fortinet 3.14.0.0 2008.08.21 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.21 -
K7AntiVirus 7.10.423 2008.08.21 -
Kaspersky 7.0.0.125 2008.08.21 -
McAfee 5366 2008.08.21 -
Microsoft 1.3807 2008.08.21 -
NOD32v2 3376 2008.08.21 -
Norman 5.80.02 2008.08.21 -
Panda 9.0.0.4 2008.08.21 -
PCTools 4.4.2.0 2008.08.21 -
Prevx1 V2 2008.08.21 -
Rising 20.58.32.00 2008.08.21 -
Sophos 4.32.0 2008.08.21 -
Sunbelt 3.1.1564.1 2008.08.21 -
Symantec 10 2008.08.21 -
TheHacker 6.3.0.6.057 2008.08.21 -
TrendMicro 8.700.0.1004 2008.08.21 -
VBA32 3.12.8.4 2008.08.21 -
ViRobot 2008.8.21.1344 2008.08.21 -
VirusBuster 4.5.11.0 2008.08.21 -
Webwasher-Gateway 6.6.2 2008.08.21 -
Information additionnelle
File size: 420864 bytes
MD5...: 5827b14b4e84da4144d8215883e05177
SHA1..: aad2d896697e1eaea75d3c75c8f9e3728d2a29e0
SHA256: dc1464ab506ca7b52c84b0372b9347eeea7916daa3cb7f8f26621ae942b7f00f
SHA512: 8d06c481b04a6942c41aa60a016b85892f467e8400895b7865093e185763b5cd
c96e4fd4a34fe93e966d24aa4203e2d3e40f880d44cf3379d7819cc3961cc647
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xf00f34c
timedatestamp.....: 0x41107d3e (Wed Aug 04 06:07:58 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5fa0e 0x5fc00 6.75 d95b838d49a097eb6b99ae0290480c9e
.data 0x61000 0x4310c 0x4c00 4.97 a827b082d3f2db6239a5e512489e10d4
.rsrc 0xa5000 0x1f68 0x2000 3.57 2bcfe0f6740197328f5fdb2a99f7394d
( 5 imports )
> KERNEL32.dll: GetVersionExA, HeapAlloc, ExitProcess, GetProcAddress, GetModuleHandleA, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, GetCommandLineA, GetSystemTimeAsFileTime, RtlUnwind, InterlockedExchange, VirtualQuery, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, LCMapStringA, MultiByteToWideChar, LCMapStringW, ReadFile, FlushFileBuffers, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualProtect, GetSystemInfo, SetFilePointer, CloseHandle, SetStdHandle, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, HeapReAlloc, TerminateProcess, GetConsoleKeyboardLayoutNameA, SetVDMCurrentDirectories, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter, GetTickCount, DebugBreak, GetLocalTime, Sleep, WaitForSingleObjectEx, ExitThread, SetEvent, InitializeCriticalSection, CreateEventA, SetThreadPriority, CreateThread, RaiseException, FormatMessageA, FindClose, CreateFileA, FindFirstFileA, GetFileSize, SetLastError, SetPriorityClass, GetPriorityClass, GetSystemDirectoryA, TlsAlloc, GetSystemDefaultLangID, IsBadCodePtr, WaitForSingleObject, TlsSetValue, TlsGetValue, PulseEvent, ResumeThread, DuplicateHandle, GetCurrentThread, LeaveCriticalSection, EnterCriticalSection, ClearCommError, GetOverlappedResult, SetCommState, DeleteCriticalSection, WaitForMultipleObjects, SetCommTimeouts, GetCommTimeouts, SetupComm, GetCommState, EscapeCommFunction, ClearCommBreak, SetCommBreak, OutputDebugStringA, GetConsoleDisplayMode, GetThreadContext, GlobalMemoryStatus, SetCurrentDirectoryA, SetEnvironmentVariableA, SetConsoleTitleA, GetConsoleTitleA, ReadConsoleOutputA, SetConsoleCursorPosition, GetConsoleCursorInfo, GetConsoleOutputCP, GetConsoleScreenBufferInfo, SetConsoleCursorInfo, WriteConsoleOutputA, SetConsoleWindowInfo, SetConsoleScreenBufferSize, SetConsoleMode, GetConsoleMode, Beep, SetConsoleActiveScreenBuffer, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, GetConsoleFontSize, GetCurrentConsoleFont, WriteConsoleA, CreateConsoleScreenBuffer, DeviceIoControl, ReleaseMutex, SetConsoleCtrlHandler, CreateMutexA, _lclose, _lread, _llseek, _lopen, GetSystemWindowsDirectoryA, GetFileAttributesA, GetWindowsDirectoryA, SuspendThread, FreeLibrary, IsDebuggerPresent, LocalFree, LocalAlloc, CreateSemaphoreA, ReleaseSemaphore, ResetEvent, lstrcmpiA, FileTimeToDosDateTime, FileTimeToLocalFileTime, QueryDosDeviceW, GetShortPathNameW, IsDBCSLeadByte, GetFileAttributesW, DefineDosDeviceW, FindNextFileW, FindFirstFileW, GetDriveTypeA, CreateDirectoryW, RemoveDirectoryW, MoveFileW, LocalFileTimeToFileTime, GetDriveTypeW, GetFileTime, SetFileTime, SystemTimeToFileTime, GetSystemTime, SetEndOfFile, CreateFileW, DeleteFileW, GetFileInformationByHandle, GetEnvironmentVariableA, GetCompressedFileSizeW, SetFileAttributesW, SetLocalTime, SetErrorMode, SetVolumeLabelA, UnlockFile, LockFile, CreateDirectoryA, GetShortPathNameA, DeleteFileA, GetTempPathA, TerminateThread, GetTempFileNameA, SearchPathA, GetConsoleCP, GetBinaryTypeA, GetExitCodeProcess, CreateProcessA, SearchPathW, GetTempFileNameW, ExpandEnvironmentStringsA, MoveFileExW, GetDiskFreeSpaceW, GetVolumeInformationW, GetComputerNameW, VirtualUnlock, GetNextVDMCommand, ExitVDM, SetConsoleDisplayMode, SetConsoleKeyShortcuts, GetConsoleHardwareState, SetConsoleHardwareState, RegisterConsoleVDM, SetConsolePalette, ConsoleMenuControl, ShowConsoleCursor, VDMConsoleOperation, WriteConsoleInputVDMW, ReadConsoleInputExW, GetConsoleInputWaitHandle, SetLastConsoleEventActive, InvalidateConsoleDIBits, GetProcessHeap
> ntdll.dll: NtClose, NtEnumerateValueKey, NtOpenKey, RtlInitUnicodeString, RtlUnicodeStringToAnsiString, NtQueryInformationProcess, RtlTimeToTimeFields, RtlTimeFieldsToTime, NtAlertThread, NtQueryPerformanceCounter, RtlExtendedLargeIntegerDivide, NtWaitForMultipleObjects, RtlExtendedIntegerMultiply, RtlLeaveCriticalSection, RtlEnterCriticalSection, NtTerminateProcess, RtlInitializeCriticalSection, NtVdmControl, RtlUnicodeStringToOemString, RtlAnsiStringToUnicodeString, RtlInitString, RtlOemStringToUnicodeString, RtlFreeUnicodeString, NtRaiseHardError, RtlInitAnsiString, RtlNtStatusToDosError, NtAllocateVirtualMemory, NtCreateFile, NtDeviceIoControlFile, RtlFillMemoryUlong, NtOpenFile, NtQueryInformationFile, NtFsControlFile, NtWaitForSingleObject, NtMapViewOfSection, NtUnmapViewOfSection, NtCreateSection, NtQueryValueKey, NtFreeVirtualMemory, RtlOemToUnicodeN, NtGetContextThread, NtQueryInformationThread, NtDuplicateObject, NtSetContextThread, DbgPrint, DbgPrompt, NtSetInformationFile, _strcmpi, RtlEqualUnicodeString, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, RtlAppendUnicodeToString, RtlFreeAnsiString, NtQueryObject, NtQueryVolumeInformationFile, RtlFreeHeap, NtQueryDirectoryFile, RtlCompareUnicodeString, RtlUpcaseUnicodeStringToCountedOemString, RtlIsNameLegalDOS8Dot3, RtlIsDosDeviceName_U, RtlAllocateHeap, RtlCreateUnicodeString, RtlDosPathNameToNtPathName_U, RtlUnicodeStringToCountedOemString, RtlUpcaseUnicodeChar, RtlGetFullPathName_U, RtlDetermineDosPathNameType_U, RtlReAllocateHeap, RtlAppendUnicodeStringToString, RtlGenerate8dot3Name, NtQueryFullAttributesFile, RtlDestroyEnvironment, RtlSetEnvironmentVariable, RtlCreateEnvironment, RtlxUnicodeStringToOemSize, NlsMbOemCodePageTag, RtlReleasePebLock, RtlAcquirePebLock, RtlFreeOemString, RtlSetCurrentDirectory_U, NtQuerySystemInformation, NtQueryVirtualMemory, RtlCharToInteger
> ADVAPI32.dll: RegOpenKeyExA, RegQueryInfoKeyA, RegCloseKey, RegQueryValueExA, RegEnumValueA
> GDI32.dll: SetPaletteEntries, SelectPalette, RemoveFontResourceW, CreatePalette
> USER32.dll: wsprintfA, GetKeyboardType, CharToOemBuffA, OemToCharA, CharUpperBuffW, MapVirtualKeyA, LoadStringA, LoadStringW, GetWindowThreadProcessId, SendMessageA, ShowWindow, SetWindowPos, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, GetDesktopWindow, GetUserObjectInformationA, GetThreadDesktop, SetWindowLongA, SetWindowTextA, LoadIconA, EndDialog, SendDlgItemMessageA, GetWindowLongA, DialogBoxParamA, SetForegroundWindow, DefWindowProcA, EnumWindows, ShowStartGlass, FindWindowA, GetForegroundWindow, MessageBeep, SetCursorPos, GetCursorPos, ClipCursor, DeleteMenu, AppendMenuW, ModifyMenuW, GetClipCursor, GetKeyState, PostMessageA, wvsprintfA, VkKeyScanW
( 162 exports )
BlockWOWIdle, CurrentMonitorTeb, DBGNotifyDebugged, DBGNotifyNewTask, DBGNotifyRemoteThreadAddress, DispatchInterrupts, Dos_Flag_Addr, DpmiSetIncrementalAlloc, ExpLdt, FlatAddress, GetDOSAppName, GetWOWShortCutInfo, IsCdRomFile, MGetVdmPointer, RegisterWOWIdle, ResumeTimerThread, SelectorLimit, SetShadowDescriptorEntries, Sim32pGetVDMPointer, SoftPcEoi, SuspendTimerThread, VDDAllocMem, VDDAllocateDosHandle, VDDAssociateNtHandle, VDDDeInstallIOHook, VDDDeInstallMemoryHook, VDDDeInstallUserHook, VDDExcludeMem, VDDFreeMem, VDDIncludeMem, VDDInstallIOHook, VDDInstallMemoryHook, VDDInstallUserHook, VDDQueryDMA, VDDReleaseDosHandle, VDDReleaseIrqLine, VDDRequestDMA, VDDReserveIrqLine, VDDRetrieveNtHandle, VDDSetDMA, VDDSimulate16, VDDTerminateVDM, VdmDbgAttach, VdmGetParametersInfoError, VdmMapFlat, VdmParametersInfo, VdmTraceEvent, WOWSysErrorBox, WaitIfIdle, call_ica_hw_interrupt, cmdCheckTemp, cmdCheckTempInit, cpu_createthread, demClientErrorEx, demFileDelete, demFileFindFirst, demFileFindNext, demGetCurrentDirectoryLCDS, demGetFileTimeByHandle_WOW, demGetPhysicalDriveType, demIsShortPathName, demLFNCleanup, demLFNGetCurrentDirectory, demSetCurrentDirectoryGetDrive, demSetCurrentDirectoryLCDS, demWOWLFNAllocateSearchHandle, demWOWLFNCloseSearchHandle, demWOWLFNEntry, demWOWLFNGetSearchHandle, demWOWLFNInit, fSeparateWow, getAF, getAH, getAL, getAX, getBH, getBL, getBP, getBX, getCF, getCH, getCL, getCS, getCX, getDF, getDH, getDI, getDL, getDS, getDX, getEAX, getEBP, getEBX, getECX, getEDI, getEDX, getEFLAGS, getEIP, getES, getESI, getESP, getFS, getGS, getIF, getIP, getIntelRegistersPointer, getMSW, getOF, getPF, getSF, getSI, getSP, getSS, getZF, host_CreateThread, host_ExitThread, host_com_close, host_direct_access_error, host_simulate, pDeviceChain, setAF, setAH, setAL, setAX, setBH, setBL, setBP, setBX, setCF, setCH, setCL, setCS, setCX, setDF, setDH, setDI, setDL, setDS, setDX, setEAX, setEBP, setEBX, setECX, setEDI, setEDX, setEFLAGS, setEIP, setES, setESI, setESP, setFS, setGS, setIF, setIP, setMSW, setOF, setPF, setSF, setSI, setSP, setSS, setZF
File/Folder not found.
File/Folder C:\WINDOWS\system32\lphc942j0e1a3.exe not found.
File/Folder C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08212008_153223
AhnLab-V3 2008.8.21.0 2008.08.21 -
AntiVir 7.8.1.23 2008.08.21 -
Authentium 5.1.0.4 2008.08.21 -
Avast 4.8.1195.0 2008.08.21 -
AVG 8.0.0.161 2008.08.21 -
BitDefender 7.2 2008.08.21 -
CAT-QuickHeal 9.50 2008.08.21 -
ClamAV 0.93.1 2008.08.21 -
DrWeb 4.44.0.09170 2008.08.21 -
eSafe 7.0.17.0 2008.08.21 -
eTrust-Vet 31.6.6039 2008.08.21 -
Ewido 4.0 2008.08.21 -
F-Prot 4.4.4.56 2008.08.21 -
F-Secure 7.60.13501.0 2008.08.21 -
Fortinet 3.14.0.0 2008.08.21 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.21 -
K7AntiVirus 7.10.423 2008.08.21 -
Kaspersky 7.0.0.125 2008.08.21 -
McAfee 5366 2008.08.21 -
Microsoft 1.3807 2008.08.21 -
NOD32v2 3376 2008.08.21 -
Norman 5.80.02 2008.08.21 -
Panda 9.0.0.4 2008.08.21 -
PCTools 4.4.2.0 2008.08.21 -
Prevx1 V2 2008.08.21 -
Rising 20.58.32.00 2008.08.21 -
Sophos 4.32.0 2008.08.21 -
Sunbelt 3.1.1564.1 2008.08.21 -
Symantec 10 2008.08.21 -
TheHacker 6.3.0.6.057 2008.08.21 -
TrendMicro 8.700.0.1004 2008.08.21 -
VBA32 3.12.8.4 2008.08.21 -
ViRobot 2008.8.21.1344 2008.08.21 -
VirusBuster 4.5.11.0 2008.08.21 -
Webwasher-Gateway 6.6.2 2008.08.21 -
Information additionnelle
File size: 420864 bytes
MD5...: 5827b14b4e84da4144d8215883e05177
SHA1..: aad2d896697e1eaea75d3c75c8f9e3728d2a29e0
SHA256: dc1464ab506ca7b52c84b0372b9347eeea7916daa3cb7f8f26621ae942b7f00f
SHA512: 8d06c481b04a6942c41aa60a016b85892f467e8400895b7865093e185763b5cd
c96e4fd4a34fe93e966d24aa4203e2d3e40f880d44cf3379d7819cc3961cc647
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xf00f34c
timedatestamp.....: 0x41107d3e (Wed Aug 04 06:07:58 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5fa0e 0x5fc00 6.75 d95b838d49a097eb6b99ae0290480c9e
.data 0x61000 0x4310c 0x4c00 4.97 a827b082d3f2db6239a5e512489e10d4
.rsrc 0xa5000 0x1f68 0x2000 3.57 2bcfe0f6740197328f5fdb2a99f7394d
( 5 imports )
> KERNEL32.dll: GetVersionExA, HeapAlloc, ExitProcess, GetProcAddress, GetModuleHandleA, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, GetCommandLineA, GetSystemTimeAsFileTime, RtlUnwind, InterlockedExchange, VirtualQuery, LoadLibraryA, GetACP, GetOEMCP, GetCPInfo, LCMapStringA, MultiByteToWideChar, LCMapStringW, ReadFile, FlushFileBuffers, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualProtect, GetSystemInfo, SetFilePointer, CloseHandle, SetStdHandle, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, HeapReAlloc, TerminateProcess, GetConsoleKeyboardLayoutNameA, SetVDMCurrentDirectories, GetCurrentProcessId, GetCurrentThreadId, QueryPerformanceCounter, GetTickCount, DebugBreak, GetLocalTime, Sleep, WaitForSingleObjectEx, ExitThread, SetEvent, InitializeCriticalSection, CreateEventA, SetThreadPriority, CreateThread, RaiseException, FormatMessageA, FindClose, CreateFileA, FindFirstFileA, GetFileSize, SetLastError, SetPriorityClass, GetPriorityClass, GetSystemDirectoryA, TlsAlloc, GetSystemDefaultLangID, IsBadCodePtr, WaitForSingleObject, TlsSetValue, TlsGetValue, PulseEvent, ResumeThread, DuplicateHandle, GetCurrentThread, LeaveCriticalSection, EnterCriticalSection, ClearCommError, GetOverlappedResult, SetCommState, DeleteCriticalSection, WaitForMultipleObjects, SetCommTimeouts, GetCommTimeouts, SetupComm, GetCommState, EscapeCommFunction, ClearCommBreak, SetCommBreak, OutputDebugStringA, GetConsoleDisplayMode, GetThreadContext, GlobalMemoryStatus, SetCurrentDirectoryA, SetEnvironmentVariableA, SetConsoleTitleA, GetConsoleTitleA, ReadConsoleOutputA, SetConsoleCursorPosition, GetConsoleCursorInfo, GetConsoleOutputCP, GetConsoleScreenBufferInfo, SetConsoleCursorInfo, WriteConsoleOutputA, SetConsoleWindowInfo, SetConsoleScreenBufferSize, SetConsoleMode, GetConsoleMode, Beep, SetConsoleActiveScreenBuffer, FillConsoleOutputAttribute, FillConsoleOutputCharacterA, GetConsoleFontSize, GetCurrentConsoleFont, WriteConsoleA, CreateConsoleScreenBuffer, DeviceIoControl, ReleaseMutex, SetConsoleCtrlHandler, CreateMutexA, _lclose, _lread, _llseek, _lopen, GetSystemWindowsDirectoryA, GetFileAttributesA, GetWindowsDirectoryA, SuspendThread, FreeLibrary, IsDebuggerPresent, LocalFree, LocalAlloc, CreateSemaphoreA, ReleaseSemaphore, ResetEvent, lstrcmpiA, FileTimeToDosDateTime, FileTimeToLocalFileTime, QueryDosDeviceW, GetShortPathNameW, IsDBCSLeadByte, GetFileAttributesW, DefineDosDeviceW, FindNextFileW, FindFirstFileW, GetDriveTypeA, CreateDirectoryW, RemoveDirectoryW, MoveFileW, LocalFileTimeToFileTime, GetDriveTypeW, GetFileTime, SetFileTime, SystemTimeToFileTime, GetSystemTime, SetEndOfFile, CreateFileW, DeleteFileW, GetFileInformationByHandle, GetEnvironmentVariableA, GetCompressedFileSizeW, SetFileAttributesW, SetLocalTime, SetErrorMode, SetVolumeLabelA, UnlockFile, LockFile, CreateDirectoryA, GetShortPathNameA, DeleteFileA, GetTempPathA, TerminateThread, GetTempFileNameA, SearchPathA, GetConsoleCP, GetBinaryTypeA, GetExitCodeProcess, CreateProcessA, SearchPathW, GetTempFileNameW, ExpandEnvironmentStringsA, MoveFileExW, GetDiskFreeSpaceW, GetVolumeInformationW, GetComputerNameW, VirtualUnlock, GetNextVDMCommand, ExitVDM, SetConsoleDisplayMode, SetConsoleKeyShortcuts, GetConsoleHardwareState, SetConsoleHardwareState, RegisterConsoleVDM, SetConsolePalette, ConsoleMenuControl, ShowConsoleCursor, VDMConsoleOperation, WriteConsoleInputVDMW, ReadConsoleInputExW, GetConsoleInputWaitHandle, SetLastConsoleEventActive, InvalidateConsoleDIBits, GetProcessHeap
> ntdll.dll: NtClose, NtEnumerateValueKey, NtOpenKey, RtlInitUnicodeString, RtlUnicodeStringToAnsiString, NtQueryInformationProcess, RtlTimeToTimeFields, RtlTimeFieldsToTime, NtAlertThread, NtQueryPerformanceCounter, RtlExtendedLargeIntegerDivide, NtWaitForMultipleObjects, RtlExtendedIntegerMultiply, RtlLeaveCriticalSection, RtlEnterCriticalSection, NtTerminateProcess, RtlInitializeCriticalSection, NtVdmControl, RtlUnicodeStringToOemString, RtlAnsiStringToUnicodeString, RtlInitString, RtlOemStringToUnicodeString, RtlFreeUnicodeString, NtRaiseHardError, RtlInitAnsiString, RtlNtStatusToDosError, NtAllocateVirtualMemory, NtCreateFile, NtDeviceIoControlFile, RtlFillMemoryUlong, NtOpenFile, NtQueryInformationFile, NtFsControlFile, NtWaitForSingleObject, NtMapViewOfSection, NtUnmapViewOfSection, NtCreateSection, NtQueryValueKey, NtFreeVirtualMemory, RtlOemToUnicodeN, NtGetContextThread, NtQueryInformationThread, NtDuplicateObject, NtSetContextThread, DbgPrint, DbgPrompt, NtSetInformationFile, _strcmpi, RtlEqualUnicodeString, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, RtlAppendUnicodeToString, RtlFreeAnsiString, NtQueryObject, NtQueryVolumeInformationFile, RtlFreeHeap, NtQueryDirectoryFile, RtlCompareUnicodeString, RtlUpcaseUnicodeStringToCountedOemString, RtlIsNameLegalDOS8Dot3, RtlIsDosDeviceName_U, RtlAllocateHeap, RtlCreateUnicodeString, RtlDosPathNameToNtPathName_U, RtlUnicodeStringToCountedOemString, RtlUpcaseUnicodeChar, RtlGetFullPathName_U, RtlDetermineDosPathNameType_U, RtlReAllocateHeap, RtlAppendUnicodeStringToString, RtlGenerate8dot3Name, NtQueryFullAttributesFile, RtlDestroyEnvironment, RtlSetEnvironmentVariable, RtlCreateEnvironment, RtlxUnicodeStringToOemSize, NlsMbOemCodePageTag, RtlReleasePebLock, RtlAcquirePebLock, RtlFreeOemString, RtlSetCurrentDirectory_U, NtQuerySystemInformation, NtQueryVirtualMemory, RtlCharToInteger
> ADVAPI32.dll: RegOpenKeyExA, RegQueryInfoKeyA, RegCloseKey, RegQueryValueExA, RegEnumValueA
> GDI32.dll: SetPaletteEntries, SelectPalette, RemoveFontResourceW, CreatePalette
> USER32.dll: wsprintfA, GetKeyboardType, CharToOemBuffA, OemToCharA, CharUpperBuffW, MapVirtualKeyA, LoadStringA, LoadStringW, GetWindowThreadProcessId, SendMessageA, ShowWindow, SetWindowPos, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, GetDesktopWindow, GetUserObjectInformationA, GetThreadDesktop, SetWindowLongA, SetWindowTextA, LoadIconA, EndDialog, SendDlgItemMessageA, GetWindowLongA, DialogBoxParamA, SetForegroundWindow, DefWindowProcA, EnumWindows, ShowStartGlass, FindWindowA, GetForegroundWindow, MessageBeep, SetCursorPos, GetCursorPos, ClipCursor, DeleteMenu, AppendMenuW, ModifyMenuW, GetClipCursor, GetKeyState, PostMessageA, wvsprintfA, VkKeyScanW
( 162 exports )
BlockWOWIdle, CurrentMonitorTeb, DBGNotifyDebugged, DBGNotifyNewTask, DBGNotifyRemoteThreadAddress, DispatchInterrupts, Dos_Flag_Addr, DpmiSetIncrementalAlloc, ExpLdt, FlatAddress, GetDOSAppName, GetWOWShortCutInfo, IsCdRomFile, MGetVdmPointer, RegisterWOWIdle, ResumeTimerThread, SelectorLimit, SetShadowDescriptorEntries, Sim32pGetVDMPointer, SoftPcEoi, SuspendTimerThread, VDDAllocMem, VDDAllocateDosHandle, VDDAssociateNtHandle, VDDDeInstallIOHook, VDDDeInstallMemoryHook, VDDDeInstallUserHook, VDDExcludeMem, VDDFreeMem, VDDIncludeMem, VDDInstallIOHook, VDDInstallMemoryHook, VDDInstallUserHook, VDDQueryDMA, VDDReleaseDosHandle, VDDReleaseIrqLine, VDDRequestDMA, VDDReserveIrqLine, VDDRetrieveNtHandle, VDDSetDMA, VDDSimulate16, VDDTerminateVDM, VdmDbgAttach, VdmGetParametersInfoError, VdmMapFlat, VdmParametersInfo, VdmTraceEvent, WOWSysErrorBox, WaitIfIdle, call_ica_hw_interrupt, cmdCheckTemp, cmdCheckTempInit, cpu_createthread, demClientErrorEx, demFileDelete, demFileFindFirst, demFileFindNext, demGetCurrentDirectoryLCDS, demGetFileTimeByHandle_WOW, demGetPhysicalDriveType, demIsShortPathName, demLFNCleanup, demLFNGetCurrentDirectory, demSetCurrentDirectoryGetDrive, demSetCurrentDirectoryLCDS, demWOWLFNAllocateSearchHandle, demWOWLFNCloseSearchHandle, demWOWLFNEntry, demWOWLFNGetSearchHandle, demWOWLFNInit, fSeparateWow, getAF, getAH, getAL, getAX, getBH, getBL, getBP, getBX, getCF, getCH, getCL, getCS, getCX, getDF, getDH, getDI, getDL, getDS, getDX, getEAX, getEBP, getEBX, getECX, getEDI, getEDX, getEFLAGS, getEIP, getES, getESI, getESP, getFS, getGS, getIF, getIP, getIntelRegistersPointer, getMSW, getOF, getPF, getSF, getSI, getSP, getSS, getZF, host_CreateThread, host_ExitThread, host_com_close, host_direct_access_error, host_simulate, pDeviceChain, setAF, setAH, setAL, setAX, setBH, setBL, setBP, setBX, setCF, setCH, setCL, setCS, setCX, setDF, setDH, setDI, setDL, setDS, setDX, setEAX, setEBP, setEBX, setECX, setEDI, setEDX, setEFLAGS, setEIP, setES, setESI, setESP, setFS, setGS, setIF, setIP, setMSW, setOF, setPF, setSF, setSI, setSP, setSS, setZF
File/Folder not found.
File/Folder C:\WINDOWS\system32\lphc942j0e1a3.exe not found.
File/Folder C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe not found.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08212008_153223
relance hijackhtis, fais DO A SYSTEM SCAN ONLY Et fix ces lignes (fix cheked)
O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [lphc942j0e1a3] C:\WINDOWS\system32\lphc942j0e1a3.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
è_______________________
encore des problèmes???
O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [lphc942j0e1a3] C:\WINDOWS\system32\lphc942j0e1a3.exe
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\MILE~1\LOCALS~1\Temp\setup1018.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
è_______________________
encore des problèmes???
